rpki-client: if anything changed, choose the freshly-fetched TA
author tb <tb@openbsd.org>
Fri, 7 Jun 2024 13:24:35 +0000 (13:24 +0000)
committer tb <tb@openbsd.org>
Fri, 7 Jun 2024 13:24:35 +0000 (13:24 +0000)
commit 18165bc13c7966b229afd32897def7011e79b278
tree b5593bf173fa512c5c74de501a1e6821d56ade8d
parent b1d7ea00e49d088a388bcbb38b3739b78420a468
rpki-client: if anything changed, choose the freshly-fetched TA

Instead of just looking at the serial number it's easier to use X509_cmp().
This compares the certs' hashes computed during the extension caching. This
is currently SHA-512 for LibreSSL and SHA-1 for OpenSSL, which is good
enough. After all, the TA certs were signed by a trusted source and if you
choose to use OpenSSL this won't be the worst of your problems.

ok job
usr.sbin/rpki-client/parser.c
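
An added illustration, not code from rpki-client or from this commit, of the two comparisons the commit message contrasts: a serial-number check sees no difference between two certificates that share a serial, while a whole-certificate comparison does. The DER blobs are constructed stand-ins, `memcmp()` over the encoding stands in for `X509_cmp()`'s hash comparison, and all function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>
typedef unsigned char u8;

/* Constructed stand-ins for two TA certs (not real certificates), serial 5 in both:
 * SEQUENCE { SEQUENCE { [0] version, INTEGER serial, OCTET STRING rest } }. */
#define TA(x) { 0x30,0x0d,0x30,0x0b,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x05,0x04,0x01,(x) }
static const u8 cached_ta[] = TA(0xaa), fetched_ta[] = TA(0xbb);

/* Step into a DER element with this tag (short-form lengths only). */
static int der_enter(const u8 **p, size_t *n, u8 tag)
{
	if (*n < 2 || (*p)[0] != tag || (*p)[1] >= 0x80 || (size_t)(*p)[1] > *n - 2)
		return 0;
	*n = (*p)[1];
	*p += 2;
	return 1;
}

/* Point *ser at the serialNumber bytes; returns 0 if the walk fails. */
static int ta_serial(const u8 *p, size_t n, const u8 **ser, size_t *slen)
{
	const u8 *v;
	size_t vn;
	if (!der_enter(&p, &n, 0x30) || !der_enter(&p, &n, 0x30)) return 0;
	v = p, vn = n;
	if (der_enter(&v, &vn, 0xa0)) {		/* optional [0] version: skip it */
		n -= (size_t)(v + vn - p);
		p = v + vn;
	}
	if (!der_enter(&p, &n, 0x02)) return 0;
	*ser = p, *slen = n;
	return 1;
}

/* Serial-only check: 1 if the serials differ or cannot be parsed. */
int serial_differs(const u8 *a, size_t al, const u8 *b, size_t bl)
{
	const u8 *sa, *sb;
	size_t la, lb;
	if (!ta_serial(a, al, &sa, &la) || !ta_serial(b, bl, &sb, &lb)) return 1;
	return la != lb || memcmp(sa, sb, la) != 0;
}

/* Whole-cert check; memcmp() stands in for X509_cmp()'s hash comparison. */
int cert_differs(const u8 *a, size_t al, const u8 *b, size_t bl)
{
	return al != bl || memcmp(a, b, al) != 0;
}
```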