x509: Don't include authKeyIdentifier in self-signed certificates
authorTobias Brunner <tobias@strongswan.org>
Wed, 9 Apr 2014 13:28:54 +0000 (15:28 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 9 Apr 2014 14:06:18 +0000 (16:06 +0200)
As the comment indicates this was the intention in
d7be2906433a7dcfefc1fd732587865688dbfe1b all along.

src/libstrongswan/plugins/x509/x509_cert.c

index cdffd34..9fd869e 100644 (file)
@@ -2174,7 +2174,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
        }
 
        /* add the keyid authKeyIdentifier for non self-signed certificates */
-       if (sign_key)
+       if (sign_cert)
        {
                chunk_t keyid;