On 04/18/2017 07:24 PM, Mat Martineau wrote:
Now that the restricted keyring patches have been applied to
and are on track for the v4.12 merge window, ELL needs to be updated for
the final API.
There are two significant changes from the previous API:
1. Key restrictions are now applied in a separate step after a keyring
is created, not at creation time.
2. The first key added to an empty, "chain" restricted keyring no longer
bypasses the signature check.
The latter required a change to l_keyring_new() so that the root key
could be added to a keyring after it is created but before it is
restricted. There's a new l_keyring_restrict() function to restrict an
ell/key.c | 76 ++++++++++++++++++++++++++++++++++++++++-----------------------
ell/key.h | 13 ++++++-----
ell/tls.c | 48 ++++++++++++++++++++++++++++++++++------
3 files changed, 96 insertions(+), 41 deletions(-)
All applied, thanks.