[shibboleth-sp2] 02/119: Relax use restriction on signing keys to match expected 2.0 rules.

[Ferenc Wágner]

This is an automated email from the git hooks/post-receive script.

wferi-guest pushed a commit to annotated tag 1.3.1
in repository shibboleth-sp2.

commit 3045d554d746403fe6e9ecd6e1ca44b3c62b236a
Author: Scott Cantor <cantor.2 at osu.edu>
Date:   Wed Dec 13 18:10:39 2006 +0000

    Relax use restriction on signing keys to match expected 2.0 rules.
---
 shib/ShibbolethTrust.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shib/ShibbolethTrust.cpp b/shib/ShibbolethTrust.cpp
index 5c686b7..0bfd4b6 100644
--- a/shib/ShibbolethTrust.cpp
+++ b/shib/ShibbolethTrust.cpp
@@ -278,7 +278,7 @@ bool ShibbolethTrust::validate(void* certEE, const Iterator<void*>& certChain, c
         Iterator<const IKeyDescriptor*> kd_i=role->getKeyDescriptors();
         while (kd_i.hasNext()) {
             const IKeyDescriptor* kd=kd_i.next();
-            if (kd->getUse()!=IKeyDescriptor::signing)
+            if (kd->getUse()==IKeyDescriptor::encryption)
                 continue;
             DSIGKeyInfoList* KIL=kd->getKeyInfo();
             if (!KIL)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git