pefile: Validate PKCS#7 trust chain

Validate the PKCS#7 trust chain against the contents of the system keyring.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
This commit is contained in:
David Howells 2014-07-01 16:02:52 +01:00
parent af316fc442
commit 98801c002f
1 changed files with 1 additions and 1 deletions

View File

@ -449,7 +449,7 @@ int verify_pefile_signature(const void *pebuf, unsigned pelen,
if (ret < 0)
goto error;
ret = -ENOANO; // Not yet complete
ret = pkcs7_validate_trust(pkcs7, trusted_keyring, _trusted);
error:
pkcs7_free_message(ctx.pkcs7);