swtpm_cert: Fix broken certificate verification

The certificate chain could not be verified due to a wrong
API call for getting the authority key id where the key id
was gotten instead.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

diff --git a/src/swtpm_cert/ek-cert.c b/src/swtpm_cert/ek-cert.c
index b8e9dab45c88ba61e31e0526ce5c93b9cc2fc28e..f2b456d7a79e7d0d7f0c4902a34cd0e28f101dd9 100644 (file)
--- a/src/swtpm_cert/ek-cert.c
+++ b/src/swtpm_cert/ek-cert.c
@@ -902,7 +902,7 @@ if (_err != GNUTLS_E_SUCCESS) {             \
     /* 3.5.11 Subject Directory Attributes -- missing */
 
     /* 3.5.12 Authority Key Id */
-    err = gnutls_x509_crt_get_key_id(sigcert, 0, id, &id_size);
+    err = gnutls_x509_crt_get_authority_key_id(sigcert, id, &id_size, NULL);
     if (err == GNUTLS_E_SUCCESS && id_size > 0) {
         err = gnutls_x509_crt_set_authority_key_id(crt, id, id_size);
         CHECK_GNUTLS_ERROR(err, "Could not set the authority key id: %s\n",