diff options
| -rw-r--r-- | src/encrypted_kdm.cc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/encrypted_kdm.cc b/src/encrypted_kdm.cc index 13a9eb05..207dff67 100644 --- a/src/encrypted_kdm.cc +++ b/src/encrypted_kdm.cc @@ -547,8 +547,12 @@ EncryptedKDM::EncryptedKDM ( /* Use the "assume trust" thumbprint */ kre.authorized_device_info.certificate_thumbprints.push_back ("2jmj7l5rSw0yVb/vlWAYkK/YBwk="); } else if (formulation == DCI_SPECIFIC) { - /* Use the recipient and other trusted device thumbprints */ - kre.authorized_device_info.certificate_thumbprints.push_back (recipient.thumbprint ()); + /* As I read the standard we should use the recipient + /and/ other trusted device thumbprints here. MJD + reports that this doesn't work with his setup; + a working KDM does not include the recipient's + thumbprint (recipient.thumbprint()). + */ BOOST_FOREACH (Certificate const & i, trusted_devices) { kre.authorized_device_info.certificate_thumbprints.push_back (i.thumbprint ()); } |