Don't reject all binaries without a certificate database. - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Peter Jones <pjones@redhat.com>	2013-10-22 13:40:08 -0400
committer	Peter Jones <pjones@redhat.com>	2013-10-22 13:40:08 -0400
commit	8044a321f94e0196dbc1ff7764944f5710438e29 (patch)
tree	c1e31d59fd391537d77bf1b13171ebca24118a8e /Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
parent	a0df78b73f922bde50e753d46e9276777bf883ac (diff)
download	efi-boot-shim-8044a321f94e0196dbc1ff7764944f5710438e29.tar.gz efi-boot-shim-8044a321f94e0196dbc1ff7764944f5710438e29.zip

Don't reject all binaries without a certificate database.

If a binary isn't signed, but its hash is enrolled in db, it won't have a certificate database. So in those cases, don't check it against certificate databases in db/dbx/etc, but we don't need to reject it outright. Signed-off-by: Peter Jones <pjones@redhat.com>

Diffstat (limited to 'Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: