diff options
| author | David Howells <[email protected]> | 2015-07-20 20:16:33 +0000 |
|---|---|---|
| committer | David Howells <[email protected]> | 2015-08-12 16:01:01 +0000 |
| commit | ed8c20762a314124cbdd62e9d3e8aa7aa2a16020 (patch) | |
| tree | c92b41d3ff5f5971061631459029edadae904df6 /scripts/extract-cert.c | |
| parent | PKCS#7: Support CMS messages also [RFC5652] (diff) | |
| download | kernel-ed8c20762a314124cbdd62e9d3e8aa7aa2a16020.tar.gz kernel-ed8c20762a314124cbdd62e9d3e8aa7aa2a16020.zip | |
sign-file: Generate CMS message as signature instead of PKCS#7
Make sign-file use the OpenSSL CMS routines to generate a message to be
used as the signature blob instead of the PKCS#7 routines. This allows us
to change how the matching X.509 certificate is selected. With PKCS#7 the
only option is to match on the serial number and issuer fields of an X.509
certificate; with CMS, we also have the option of matching by subjectKeyId
extension. The new behaviour is selected with the "-k" flag.
Without the -k flag specified, the output is pretty much identical to the
PKCS#7 output.
Whilst we're at it, don't include the S/MIME capability list in the message
as it's irrelevant to us.
Signed-off-by: David Howells <[email protected]>
Reviewed-By: David Woodhouse <[email protected]
Diffstat (limited to 'scripts/extract-cert.c')
0 files changed, 0 insertions, 0 deletions