commit | 1c380ab9c5d55b5ace5ebefe6969e64d8259c970 | [log] [tgz] |
---|---|---|
author | Kenny Root <kroot@google.com> | Wed Jun 10 15:51:41 2015 -0700 |
committer | Kenny Root <kroot@google.com> | Wed Jun 10 16:12:17 2015 -0700 |
tree | 183b77cabf6e4ddefd819f855d3413cba2646628 | |
parent | 0d5d3541c94c2fc81d1668bb6b0f4e2d3a666746 [diff] |
Do not blacklist serial numbers that are too short Baseline Requirements say the serial number must have 20-bits of entropy, but some certificates are issued not in compliance. This causes issues where they are falsely marked as blacklisted. Until there is issuer + serial number matching, we can just use the pubkey matching for the certificates that are blacklisted with non-compliant serial numbers. Bug: 21736046 Change-Id: I66b1e94f2c67ddd3b6fe690331f8fb12e16a8bc0