Only public keys, with certificates signed by an existing
'trusted' key on the system trusted keyring, should be added
to a trusted keyring. This patch adds support for verifying
a certificate's signature.
This is derived from David Howells pkcs7_request_asymmetric_key() patch.
- on error free key - Dmitry
- validate trust only for not already trusted keys - Dmitry
- formatting cleanup
- define get_system_trusted_keyring() to fix kbuild issues
Signed-off-by: Mimi Zohar <email@example.com>
Signed-off-by: David Howells <firstname.lastname@example.org>
Acked-by: Dmitry Kasatkin <email@example.com>