match guard fix for rsapss

Signed-off-by: Isaac Matthews <[email protected]>
keylime · Nov 9, 2023 · 3355c69 · 3355c69
1 parent f1fe817
commit 3355c69
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/keylime-agent/src/crypto.rs b/keylime-agent/src/crypto.rs
@@ -94,7 +94,7 @@ pub(crate) fn check_x509_key(
     cert: &X509,
     tpm_key: tss_esapi::structures::Public,
 ) -> Result<bool> {
-    // Id:RSA_PSS only added in rust-openssl from v0.10.59
+    // Id:RSA_PSS only added in rust-openssl from v0.10.59; remove this let and use Id::RSA_PSS after update
     // Id taken from https://boringssl.googlesource.com/boringssl/+/refs/heads/master/include/openssl/nid.h#4039
     let id_rsa_pss: Id = Id::from_raw(912);
     match cert
@@ -114,7 +114,7 @@ pub(crate) fn check_x509_key(
 
             Ok(key_der_str.contains(&cert_n_str))
         }
-        id_rsa_pss => {
+        cert_id if cert_id == id_rsa_pss => {
             let cert_n =
                 cert.public_key().unwrap().rsa().unwrap().n().to_vec(); //#[allow_ci]
             let mut cert_n_str = format!("{:?}", cert_n);