sbverify: fix verification with intermediate certificates
sbverify is currently failing if an intermediate certificate is added
on signing but the binary is verified with the singing certificate.
It fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY.
This is happening because the x509_STORE only contains the signing
certificate but the pkcs7 bundle in the binary contains the issuer
certificate as well. Fix this by unconditionally approving any
locally missing certificates on verify.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
1 file changed