From 2cd211bcc612ad8cb99c778461ca02a9f3e5e44b Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Thu, 16 Feb 2017 15:08:30 -0800
Subject: [PATCH 08/29] pesigcheck: Verify with the cert as an object signer

---
 src/certdb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/certdb.c b/src/certdb.c
index 2a08042..b7c99bb 100644
--- a/src/certdb.c
+++ b/src/certdb.c
@@ -339,7 +339,7 @@ check_cert(pesigcheck_context *ctx, SECItem *sig, efi_guid_t *sigtype,
 	}
 	/* Verify the signature */
 	result = SEC_PKCS7VerifyDetachedSignatureAtTime(cinfo,
-						certUsageSSLServer,
+						certUsageObjectSigner,
 						digest, HASH_AlgSHA256,
 						PR_FALSE, atTime);
 	if (!result) {
-- 
2.13.4