aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/libstrongswan/plugins/x509/x509_crl.c2
-rw-r--r--src/pki/commands/signcrl.c4
2 files changed, 3 insertions, 3 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index 4bd0470d3..9a0010299 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -388,7 +388,7 @@ METHOD(certificate_t, issued_by, bool,
{
return FALSE;
}
- if (!(x509->get_flags(x509) & X509_CA))
+ if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN)))
{
return FALSE;
}
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 24bf9123f..87d585363 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -262,9 +262,9 @@ static int sign_crl()
goto error;
}
x509 = (x509_t*)ca;
- if (!(x509->get_flags(x509) & X509_CA))
+ if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN)))
{
- error = "CA certificate misses CA basicConstraint";
+ error = "CA certificate misses CA basicConstraint / CRLSign keyUsage";
goto error;
}
public = ca->get_public_key(ca);
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-15 08:39:11 +0000