(1) Retain a signature in an asymmetric-type key and associate with it the
identifiers that will match a key that can be used to verify it.
(2) Differentiate an X.509 cert that cannot be used versus one that cannot
be verified due to unavailable crypto. This is noted in the
structures involved.
(3) Determination of the self-signedness of an X.509 cert is improved to
include checks on the subject/issuer names and the key
algorithm/signature algorithm types.
(4) Self-signed X.509 certificates are consistency checked early on if the
appropriate crypto is available.
Signed-off-by: David Howells <dhowells@redhat.com>
projects / linux-beck.git / commit