artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 33bec48) | patch
rpki-client: only allow a single rpkiNotify SIA accessMethod
authortb <tb@openbsd.org>
Tue, 4 Jun 2024 14:07:10 +0000 (14:07 +0000)
committertb <tb@openbsd.org>
Tue, 4 Jun 2024 14:07:10 +0000 (14:07 +0000)
commit24ad82f48b9bde5d99f106561b43b3d824d534d2
tree494bc0f1ba93fd67f0c489fe910794862600108etree | snapshot
parent33bec4867d5f5b70e9d49054138dd2d132aa862fcommit | diff
rpki-client: only allow a single rpkiNotify SIA accessMethod

RFC 8182, section 3.2 is not super explicit about it, but there should
only be one rpkiNotify accessMethod, and it should contain a location
with a URI of type https. Check this and reject certs that contain more
than one.

ok claudio
usr.sbin/rpki-client/cert.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim