Diffstat (limited to 'src/util/cert/nss/cert.c')
-rw-r--r--src/util/cert/nss/cert.c20
1 files changed, 11 insertions, 9 deletions
diff --git a/src/util/cert/nss/cert.c b/src/util/cert/nss/cert.c
index fbd063cf5..9c1c965dd 100644
--- a/src/util/cert/nss/cert.c
+++ b/src/util/cert/nss/cert.c
@@ -223,7 +223,7 @@ done:
errno_t cert_to_ssh_key(TALLOC_CTX *mem_ctx, const char *ca_db,
const uint8_t *der_blob, size_t der_size,
- bool do_ocsp,
+ struct cert_verify_opts *cert_verify_opts,
uint8_t **key, size_t *key_size)
{
CERTCertDBHandle *handle;
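Review bot: The new `cert_verify_opts` pointer parameter replaces a plain `bool`, but nothing in the visible hunks checks it for NULL before it is dereferenced (`cert_verify_opts->do_ocsp`, `cert_verify_opts->do_verification` in the later hunks), so a caller that still passes NULL or false for the old slot would crash rather than fail cleanly. Unless a guard already exists in the lines between this hunk and the next, add one at function entry, e.g. `if (cert_verify_opts == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Missing certificate verification options.\n"); return EINVAL; }`, and document the requirement in the header comment: `/* cert_verify_opts must not be NULL; its do_verification and do_ocsp flags control whether the certificate is validated before its key is extracted. */`. The body of cert_to_ssh_key continues well past this hunk.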
@@ -259,7 +259,7 @@ errno_t cert_to_ssh_key(TALLOC_CTX *mem_ctx, const char *ca_db,
handle = CERT_GetDefaultCertDB();
- if (do_ocsp) {
+ if (cert_verify_opts->do_ocsp) {
rv = CERT_EnableOCSPChecking(handle);
if (rv != SECSuccess) {
DEBUG(SSSDBG_OP_FAILURE, "CERT_EnableOCSPChecking failed: [%d].\n",
@@ -278,13 +278,15 @@ errno_t cert_to_ssh_key(TALLOC_CTX *mem_ctx, const char *ca_db,
goto done;
}
- rv = CERT_VerifyCertificateNow(handle, cert, PR_TRUE,
- certificateUsageSSLClient, NULL, NULL);
- if (rv != SECSuccess) {
- DEBUG(SSSDBG_CRIT_FAILURE, "CERT_VerifyCertificateNow failed [%d].\n",
- PR_GetError());
- ret = EACCES;
- goto done;
+ if (cert_verify_opts->do_verification) {
+ rv = CERT_VerifyCertificateNow(handle, cert, PR_TRUE,
+ certificateUsageSSLClient, NULL, NULL);
+ if (rv != SECSuccess) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "CERT_VerifyCertificateNow failed [%d].\n",
+ PR_GetError());
+ ret = EACCES;
+ goto done;
+ }
}
cert_pub_key = CERT_ExtractPublicKey(cert);
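Review bot: When `cert_verify_opts->do_verification` is false the function now proceeds straight to `CERT_ExtractPublicKey` and publishes an SSH key derived from a certificate whose chain, validity period and usage were never checked against `ca_db`, and nothing in the hunk records that this security-relevant path was taken. Since this is presumably a deliberate configuration knob, the skip should at least be logged so an operator or incident responder can see that keys were produced from unverified certificates, e.g. `} else { DEBUG(SSSDBG_CRIT_FAILURE, "Certificate verification disabled, using unverified certificate for SSH key.\n"); }` (pick whatever debug level the project uses for configuration warnings). It is also worth a short comment noting that `do_ocsp` has no effect on this path, as NSS performs OCSP lookups as part of `CERT_VerifyCertificateNow`, which is now skipped. The function's remaining body and cleanup lie outside the hunk.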