The branch, master has been updated
via b12a33e2251 third_party/heimdal: import
lorikeet-heimdal-202311290849 (commit 84fb4579594a5fd8f8462450777eb24d5832be07)
via f65a17e7abb lib:crypto: Use bytearray macros
from 83edfcff5cc vfs_ceph: call 'ceph_fgetxattr' only if valid fd
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b12a33e225197ec71285586ec44140b421f2e5c6
Author: Andrew Bartlett <abart...@samba.org>
Date: Wed Nov 29 22:46:28 2023 +1300
third_party/heimdal: import lorikeet-heimdal-202311290849 (commit
84fb4579594a5fd8f8462450777eb24d5832be07)
Some of our pending PRs for Heimdal were recently accepted,
so this brings in a new update (mostly improved spelling).
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
Autobuild-Date(master): Thu Nov 30 21:25:56 UTC 2023 on atb-devel-224
commit f65a17e7abb83b2d352fd7f75d3a32b7a729b76c
Author: Andreas Schneider <a...@samba.org>
Date: Thu Nov 30 08:32:45 2023 +0100
lib:crypto: Use bytearray macros
Do not use old macros which are not descriptive by the name.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
lib/crypto/gnutls_sp800_108.c | 4 +-
third_party/heimdal/kdc/kerberos5.c | 17 +++---
third_party/heimdal/kdc/krb5tgs.c | 2 +-
third_party/heimdal/kdc/pkinit.c | 10 ++--
third_party/heimdal/kuser/kinit.c | 2 +-
third_party/heimdal/lib/base/json.c | 2 +-
third_party/heimdal/lib/hdb/ext.c | 8 +--
third_party/heimdal/lib/hx509/cert.c | 26 ++++-----
third_party/heimdal/lib/hx509/cms.c | 64 +++++++++++-----------
third_party/heimdal/lib/hx509/crypto-ec.c | 2 +-
third_party/heimdal/lib/hx509/crypto.c | 4 +-
third_party/heimdal/lib/hx509/hx509_err.et | 2 +-
third_party/heimdal/lib/hx509/req.c | 2 +-
third_party/heimdal/lib/hx509/revoke.c | 32 +++++------
third_party/heimdal/lib/hx509/test_cms.in | 2 +-
third_party/heimdal/lib/kadm5/bump_pw_expire.c | 7 ++-
third_party/heimdal/lib/krb5/cache.c | 4 +-
third_party/heimdal/lib/krb5/crypto.c | 10 ++--
third_party/heimdal/lib/krb5/digest.c | 2 +-
third_party/heimdal/lib/krb5/init_creds_pw.c | 34 ++++++------
third_party/heimdal/lib/krb5/krb5.conf.5 | 3 +-
third_party/heimdal/lib/krb5/krb5_err.et | 2 +-
third_party/heimdal/lib/krb5/pac.c | 4 +-
third_party/heimdal/lib/krb5/pkinit.c | 16 +++---
third_party/heimdal/lib/krb5/store.c | 34 ++++++------
third_party/heimdal/lib/roken/parse_time-test.c | 1 +
third_party/heimdal/lib/wind/utf8.c | 8 +--
third_party/heimdal/po/heimdal_krb5/de.po | 2 +-
.../heimdal/po/heimdal_krb5/heimdal_krb5.pot | 2 +-
third_party/heimdal/po/heimdal_krb5/sv_SE.po | 2 +-
30 files changed, 159 insertions(+), 151 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/crypto/gnutls_sp800_108.c b/lib/crypto/gnutls_sp800_108.c
index dc04354d3d2..65710657bae 100644
--- a/lib/crypto/gnutls_sp800_108.c
+++ b/lib/crypto/gnutls_sp800_108.c
@@ -41,7 +41,7 @@ static NTSTATUS samba_gnutls_sp800_108_derive_key_part(
static const uint8_t zero = 0;
int rc;
- RSIVAL(buf, 0, i);
+ PUSH_BE_U32(buf, 0, i);
rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf));
if (rc < 0) {
return gnutls_error_to_ntstatus(rc,
@@ -69,7 +69,7 @@ static NTSTATUS samba_gnutls_sp800_108_derive_key_part(
return gnutls_error_to_ntstatus(
rc, NT_STATUS_HMAC_NOT_SUPPORTED);
}
- RSIVAL(buf, 0, L);
+ PUSH_BE_U32(buf, 0, L);
rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf));
if (rc < 0) {
return gnutls_error_to_ntstatus(
diff --git a/third_party/heimdal/kdc/kerberos5.c
b/third_party/heimdal/kdc/kerberos5.c
index 76cecd3e12f..5991711a289 100644
--- a/third_party/heimdal/kdc/kerberos5.c
+++ b/third_party/heimdal/kdc/kerberos5.c
@@ -1125,7 +1125,7 @@ pa_enc_ts_validate(astgs_request_t r, const PA_DATA *pa)
ret = pa_enc_ts_decrypt_kvno(r, kvno, &enc_data, &ts_data, &pa_key);
if (ret == KRB5KDC_ERR_ETYPE_NOSUPP) {
char *estr;
- _kdc_set_e_text(r, "No key matching entype");
+ _kdc_set_e_text(r, "No key matching enctype");
if(krb5_enctype_to_string(r->context, enc_data.etype, &estr))
estr = NULL;
if(estr == NULL)
@@ -1143,6 +1143,7 @@ pa_enc_ts_validate(astgs_request_t r, const PA_DATA *pa)
kvno);
goto out;
}
+
if (ret == KRB5KDC_ERR_PREAUTH_FAILED) {
krb5_error_code ret2;
const char *msg = krb5_get_error_message(r->context, ret);
@@ -1211,7 +1212,7 @@ pa_enc_ts_validate(astgs_request_t r, const PA_DATA *pa)
krb5_data_free(&ts_data);
if(ret){
ret = KRB5KDC_ERR_PREAUTH_FAILED;
- _kdc_r_log(r, 4, "Failed to decode PA-ENC-TS_ENC -- %s",
+ _kdc_r_log(r, 4, "Failed to decode PA-ENC-TS-ENC -- %s",
r->cname);
goto out;
}
@@ -1846,7 +1847,7 @@ get_pa_etype_info2(krb5_context context,
}
/*
- * Return 0 if the client have only older enctypes, this is for
+ * Return 0 if the client has only older enctypes, this is for
* determining if the server should send ETYPE_INFO2 or not.
*/
@@ -2895,7 +2896,7 @@ _kdc_as_rep(astgs_request_t r)
if(r->client->flags.postdate && r->server->flags.postdate)
r->et.flags.may_postdate = f.allow_postdate;
else if (f.allow_postdate){
- _kdc_set_e_text(r, "Ticket may not be postdate");
+ _kdc_set_e_text(r, "Ticket may not be postdateable");
ret = KRB5KDC_ERR_POLICY;
goto out;
}
@@ -2936,7 +2937,7 @@ _kdc_as_rep(astgs_request_t r)
_kdc_fix_time(&b->till);
t = *b->till;
- /* be careful not overflowing */
+ /* be careful not to overflow */
/*
* Pre-auth can override r->client->max_life if configured.
@@ -3075,7 +3076,7 @@ _kdc_as_rep(astgs_request_t r)
}
/*
- * Check and session and reply keys
+ * Check session and reply keys
*/
if (r->session_key.keytype == ETYPE_NULL) {
@@ -3085,7 +3086,7 @@ _kdc_as_rep(astgs_request_t r)
}
if (r->reply_key.keytype == ETYPE_NULL) {
- _kdc_set_e_text(r, "Client have no reply key");
+ _kdc_set_e_text(r, "Client has no reply key");
ret = KRB5KDC_ERR_CLIENT_NOTYET;
goto out;
}
@@ -3169,7 +3170,7 @@ _kdc_as_rep(astgs_request_t r)
goto out;
/*
- * Check if message too large
+ * Check if message is too large
*/
if (r->datagram_reply && r->reply->length >
config->max_datagram_reply_length) {
krb5_data_free(r->reply);
diff --git a/third_party/heimdal/kdc/krb5tgs.c
b/third_party/heimdal/kdc/krb5tgs.c
index af80450c4b0..d744f5610f3 100644
--- a/third_party/heimdal/kdc/krb5tgs.c
+++ b/third_party/heimdal/kdc/krb5tgs.c
@@ -1789,7 +1789,7 @@ server_lookup:
break;
if(i == b->etype.len) {
kdc_log(context, config, 4,
- "Addition ticket have not matching etypes");
+ "Addition ticket has no matching etypes");
krb5_clear_error_message(context);
ret = KRB5KDC_ERR_ETYPE_NOSUPP;
kdc_audit_addreason((kdc_request_t)priv,
diff --git a/third_party/heimdal/kdc/pkinit.c b/third_party/heimdal/kdc/pkinit.c
index 255441ce071..c853359bbc2 100644
--- a/third_party/heimdal/kdc/pkinit.c
+++ b/third_party/heimdal/kdc/pkinit.c
@@ -534,8 +534,8 @@ _kdc_pk_rd_padata(astgs_request_t priv,
}
/*
- * If the client sent more then 10 EDI, don't bother
- * looking more then 10 of performance reasons.
+ * If the client sent more than 10 EDIs, don't bother
+ * looking at more than 10 for performance reasons.
*/
maxedi = edi->len;
if (maxedi > 10)
@@ -873,7 +873,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
*kdc_cert = NULL;
/*
- * If the message client is a win2k-type but it send pa data
+ * If the message client is a win2k-type but it sends pa data
* 09-binding it expects a IETF (checksum) reply so there can be
* no replay attacks.
*/
@@ -1533,7 +1533,7 @@ _kdc_pk_mk_pa_reply(astgs_request_t r, pk_client_params
*cp)
krb5_data_free(&ocsp.data);
ocsp.expire = 0;
} else if (ocsp.expire > 180) {
- ocsp.expire -= 180; /* refetch the ocsp before it expire */
+ ocsp.expire -= 180; /* refetch the ocsp before it expires */
ocsp.next_update = ocsp.expire;
} else {
ocsp.next_update = kdc_time;
@@ -1808,7 +1808,7 @@ _kdc_pk_check_client(astgs_request_t r,
if (strcmp(*subject_name, acl->val[0].subject) != 0)
continue;
- /* Don't support isser and anchor checking right now */
+ /* Don't support issuer and anchor checking right now */
if (acl->val[0].issuer)
continue;
if (acl->val[0].anchor)
diff --git a/third_party/heimdal/kuser/kinit.c
b/third_party/heimdal/kuser/kinit.c
index 8df1c1b796f..9a2fac642ad 100644
--- a/third_party/heimdal/kuser/kinit.c
+++ b/third_party/heimdal/kuser/kinit.c
@@ -221,7 +221,7 @@ static struct getargs args[] = {
NP_("use this credential cache as FAST armor cache", ""), "cache" },
{ "use-referrals", 0, arg_flag, &use_referrals_flag,
- NP_("only use referrals, no dns canalisation", ""), NULL },
+ NP_("only use referrals, no dns canonicalisation", ""), NULL },
{ "windows", 0, arg_flag, &windows_flag,
NP_("get windows behavior", ""), NULL },
diff --git a/third_party/heimdal/lib/base/json.c
b/third_party/heimdal/lib/base/json.c
index 4fa0f2d5aff..ed4ea683308 100644
--- a/third_party/heimdal/lib/base/json.c
+++ b/third_party/heimdal/lib/base/json.c
@@ -976,7 +976,7 @@ parse_string(struct parse_ctx *ctx)
/* NUL-terminate for rk_base64_decode() and plain paranoia */
if (p0 != NULL && p == pend) {
/*
- * Work out how far p is into p0 to re-esablish p after
+ * Work out how far p is into p0 to re-establish p after
* the realloc()
*/
size_t p0_to_pend_len = (pend - p0);
diff --git a/third_party/heimdal/lib/hdb/ext.c
b/third_party/heimdal/lib/hdb/ext.c
index 48683ef1607..465a235f744 100644
--- a/third_party/heimdal/lib/hdb/ext.c
+++ b/third_party/heimdal/lib/hdb/ext.c
@@ -43,7 +43,7 @@ hdb_entry_check_mandatory(krb5_context context, const
hdb_entry *ent)
return 0;
/*
- * check for unknown extensions and if they where tagged mandatory
+ * check for unknown extensions and if they were tagged mandatory
*/
for (i = 0; i < ent->extensions->len; i++) {
@@ -52,7 +52,7 @@ hdb_entry_check_mandatory(krb5_context context, const
hdb_entry *ent)
continue;
if (ent->extensions->val[i].mandatory) {
krb5_set_error_message(context, HDB_ERR_MANDATORY_OPTION,
- "Principal have unknown "
+ "Principal has unknown "
"mandatory extension");
return HDB_ERR_MANDATORY_OPTION;
}
@@ -592,7 +592,7 @@ hdb_validate_key_rotation(krb5_context context,
if (new_kr->base_kvno <= last_kvno) {
krb5_set_error_message(context, EINVAL,
"New key rotation base kvno must be larger "
- "the last kvno for the current key "
+ "than the last kvno for the current key "
"rotation (%u)", last_kvno);
return EINVAL;
}
@@ -751,7 +751,7 @@ hdb_entry_add_key_rotation(krb5_context context,
((kr->epoch - prev_kr->epoch) / prev_kr->period))) {
krb5_set_error_message(context, EINVAL,
"New key rotation base kvno must be larger "
- "the last kvno for the current key "
+ "than the last kvno for the current key "
"rotation (%u)", last_kvno);
return EINVAL;
}
diff --git a/third_party/heimdal/lib/hx509/cert.c
b/third_party/heimdal/lib/hx509/cert.c
index e7e2423c54d..4fcb4ba8da9 100644
--- a/third_party/heimdal/lib/hx509/cert.c
+++ b/third_party/heimdal/lib/hx509/cert.c
@@ -237,13 +237,13 @@ hx509_set_warn_dest(hx509_context context,
heim_log_facility *fac)
/**
* Selects if the hx509_revoke_verify() function is going to require
- * the existans of a revokation method (OCSP, CRL) or not. Note that
- * hx509_verify_path(), hx509_cms_verify_signed(), and other function
+ * the existence of a revocation method (OCSP, CRL) or not. Note that
+ * hx509_verify_path(), hx509_cms_verify_signed(), and other functions
* call hx509_revoke_verify().
*
* @param context hx509 context to change the flag for.
- * @param flag zero, revokation method required, non zero missing
- * revokation method ok
+ * @param flag zero, revocation method required, non zero missing
+ * revocation method ok
*
* @ingroup hx509_verify
*/
@@ -555,7 +555,7 @@ hx509_cert_ref(hx509_cert cert)
}
/**
- * Allocate an verification context that is used fo control the
+ * Allocate an verification context that is used to control the
* verification process.
*
* @param context A hx509 context.
@@ -952,7 +952,7 @@ hx509_cert_find_subjectAltName_otherName(hx509_context
context,
ret = add_to_list(list, &sa.val[j].u.otherName.value);
if (ret) {
hx509_set_error_string(context, 0, ret,
- "Error adding an exra SAN to "
+ "Error adding an extra SAN to "
"return list");
hx509_free_octet_string_list(list);
free_GeneralNames(&sa);
@@ -2436,7 +2436,7 @@ hx509_verify_path(hx509_context context,
/*
* The subject name of the proxy certificate should be
- * CN=XXX,<proxy issuer>, prune of CN and check if its
+ * CN=XXX,<proxy issuer>. Prune off CN and check if it's
* the same over the whole chain of proxy certs and
* then check with the EE cert when we get to it.
*/
@@ -2496,7 +2496,7 @@ hx509_verify_path(hx509_context context,
} else {
/*
* Now we are done with the proxy certificates, this
- * cert was an EE cert and we we will fall though to
+ * cert was an EE cert and we will fall though to
* EE checking below.
*/
type = EE_CERT;
@@ -2505,9 +2505,9 @@ hx509_verify_path(hx509_context context,
HEIM_FALLTHROUGH;
case EE_CERT:
/*
- * If there where any proxy certificates in the chain
+ * If there were any proxy certificates in the chain
* (proxy_cert_depth > 0), check that the proxy issuer
- * matched proxy certificates "base" subject.
+ * matched the proxy certificate's "base" subject.
*/
if (proxy_cert_depth) {
@@ -2598,7 +2598,7 @@ hx509_verify_path(hx509_context context,
}
/*
- * Verify that no certificates has been revoked.
+ * Verify that no certificates have been revoked.
*/
if (ctx->revoke_ctx) {
@@ -2681,7 +2681,7 @@ hx509_verify_path(hx509_context context,
goto out;
}
/*
- * Verify that the sigature algorithm is not weak. Ignore
+ * Verify that the signature algorithm is not weak. Ignore
* trust anchors since they are provisioned by the user.
*/
@@ -2708,7 +2708,7 @@ out:
* @param signer the certificate that made the signature.
* @param alg algorthm that was used to sign the data.
* @param data the data that was signed.
- * @param sig the sigature to verify.
+ * @param sig the signature to verify.
*
* @return An hx509 error code, see hx509_get_error_string().
*
diff --git a/third_party/heimdal/lib/hx509/cms.c
b/third_party/heimdal/lib/hx509/cms.c
index 8615f03ee81..1723f3a6424 100644
--- a/third_party/heimdal/lib/hx509/cms.c
+++ b/third_party/heimdal/lib/hx509/cms.c
@@ -117,8 +117,8 @@ hx509_cms_wrap_ContentInfo(const heim_oid *oid,
* @param in the encoded buffer.
* @param oid type of the content.
* @param out data to be wrapped.
- * @param have_data since the data is optional, this flags show dthe
- * diffrence between no data and the zero length data.
+ * @param have_data since the data is optional, this flag shows the
+ * difference between no data and the zero length data.
*
* @return Returns an hx509 error code.
*
@@ -250,7 +250,7 @@ unparse_CMSIdentifier(hx509_context context,
break;
}
default:
- ret = asprintf(str, "certificate have unknown CMSidentifier type");
+ ret = asprintf(str, "certificate has unknown CMSidentifier type");
break;
}
/*
@@ -331,7 +331,7 @@ find_CMSIdentifier(hx509_context context,
/**
* Decode and unencrypt EnvelopedData.
*
- * Extract data and parameteres from from the EnvelopedData. Also
+ * Extract data and parameters from the EnvelopedData. Also
* supports using detached EnvelopedData.
*
* @param context A hx509 context.
@@ -342,7 +342,7 @@ find_CMSIdentifier(hx509_context context,
* EnvelopedData stucture.
* @param length length of the data that data point to.
* @param encryptedContent in case of detached signature, this
- * contains the actual encrypted data, othersize its should be NULL.
+ * contains the actual encrypted data, otherwise it should be NULL.
* @param time_now set the current time, if zero the library uses now as the
date.
* @param contentType output type oid, should be freed with der_free_oid().
* @param content the data, free with der_free_octet_string().
@@ -437,7 +437,7 @@ hx509_cms_unenvelope(hx509_context context,
hx509_cert_free(cert);
if (ret == 0)
- break; /* succuessfully decrypted cert */
+ break; /* successfully decrypted cert */
cert = NULL;
ret2 = unparse_CMSIdentifier(context, &ri->rid, &str);
if (ret2 == 0) {
@@ -531,17 +531,17 @@ out:
}
/**
- * Encrypt end encode EnvelopedData.
+ * Encrypt and encode EnvelopedData.
*
* Encrypt and encode EnvelopedData. The data is encrypted with a
* random key and the the random key is encrypted with the
- * certificates private key. This limits what private key type can be
+ * certificate's private key. This limits what private key type can be
* used to RSA.
*
* @param context A hx509 context.
* @param flags flags to control the behavior.
* - HX509_CMS_EV_NO_KU_CHECK - Don't check KU on certificate
- * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
+ * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crypto
* - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
* @param cert Certificate to encrypt the EnvelopedData encryption key
* with.
@@ -773,12 +773,12 @@ find_attribute(const CMSAttributes *attr, const heim_oid
*oid)
*
* @param context A hx509 context.
* @param ctx a hx509 verify context.
- * @param flags to control the behaivor of the function.
+ * @param flags to control the behavior of the function.
* - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage
* - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
* - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
* @param data pointer to CMS SignedData encoded data.
- * @param length length of the data that data point to.
+ * @param length length of the data that data points to.
* @param signedContent external data used for signature.
* @param pool certificate pool to build certificates paths.
* @param contentType free with der_free_oid().
@@ -829,7 +829,7 @@ hx509_cms_verify_signed(hx509_context context,
* - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
* - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
* @param data pointer to CMS SignedData encoded data.
- * @param length length of the data that data point to.
+ * @param length length of the data that data points to.
* @param signedContent external data used for signature.
* @param pool certificate pool to build certificates paths.
* @param contentType free with der_free_oid().
@@ -939,7 +939,7 @@ hx509_cms_verify_signed_ext(hx509_context context,
ret = HX509_CMS_MISSING_SIGNER_DATA;
hx509_set_error_string(context, 0, ret,
"SignerInfo %zu in SignedData "
- "missing sigature", i);
+ "missing signature", i);
continue;
}
@@ -972,22 +972,22 @@ hx509_cms_verify_signed_ext(hx509_context context,
sa.val = signer_info->signedAttrs->val;
sa.len = signer_info->signedAttrs->len;
- /* verify that sigature exists */
+ /* verify that signature exists */
attr = find_attribute(&sa, &asn1_oid_id_pkcs9_messageDigest);
if (attr == NULL) {
ret = HX509_CRYPTO_SIGNATURE_MISSING;
hx509_set_error_string(context, 0, ret,
- "SignerInfo have signed attributes "
+ "SignerInfo has signed attributes "
"but messageDigest (signature) "
"is missing");
- goto next_sigature;
+ goto next_signature;
}
if (attr->value.len != 1) {
ret = HX509_CRYPTO_SIGNATURE_MISSING;
hx509_set_error_string(context, 0, ret,
- "SignerInfo have more then one "
+ "SignerInfo has more than one "
"messageDigest (signature)");
- goto next_sigature;
+ goto next_signature;
}
ret = decode_MessageDigest(attr->value.val[0].data,
@@ -998,7 +998,7 @@ hx509_cms_verify_signed_ext(hx509_context context,
hx509_set_error_string(context, 0, ret,
"Failed to decode "
"messageDigest (signature)");
- goto next_sigature;
+ goto next_signature;
}
ret = _hx509_verify_signature(context,
@@ -1010,7 +1010,7 @@ hx509_cms_verify_signed_ext(hx509_context context,
if (ret) {
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
"Failed to verify messageDigest");
- goto next_sigature;
+ goto next_signature;
}
/*
@@ -1024,8 +1024,8 @@ hx509_cms_verify_signed_ext(hx509_context context,
if (attr->value.len != 1) {
ret = HX509_CMS_DATA_OID_MISMATCH;
hx509_set_error_string(context, 0, ret,
- "More then one oid in signedAttrs");
- goto next_sigature;
+ "More than one oid in signedAttrs");
+ goto next_signature;
}
ret = decode_ContentType(attr->value.val[0].data,
@@ -1036,7 +1036,7 @@ hx509_cms_verify_signed_ext(hx509_context context,
hx509_set_error_string(context, 0, ret,
"Failed to decode "
"oid in signedAttrs");
- goto next_sigature;
+ goto next_signature;
}
match_oid = &decode_oid;
}
@@ -1050,7 +1050,7 @@ hx509_cms_verify_signed_ext(hx509_context context,
if (match_oid == &decode_oid)
der_free_oid(&decode_oid);
hx509_clear_error_string(context);
- goto next_sigature;
--
Samba Shared Repository
