artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 05b5e63) | patch
rpki-client: fix and move more KU/EKU to x509_get_purpose()
authortb <tb@openbsd.org>
Mon, 10 Jun 2024 10:50:13 +0000 (10:50 +0000)
committertb <tb@openbsd.org>
Mon, 10 Jun 2024 10:50:13 +0000 (10:50 +0000)
commit36d6639c6eec0fb07a314b47dc572bf5a3144bbc
treec7a2bf6b41fceb9d190b1d27d98ea7dbdd93321dtree | snapshot
parent05b5e636eff28cdeb15bce5cf6c972a384512286commit | diff
rpki-client: fix and move more KU/EKU to x509_get_purpose()

Now all key usage and extended key usage handling is at the same place.
This fixes a bug for BGPsec Router certs where key usage was ignored.
Another omission that is fixed here is that criticality of the key usage
extension was not checked. Drop a comment about possible use of EKU that
was in the TA/CA code path but would only apply to EE certs.

ok claudio
usr.sbin/rpki-client/cert.c diff | blob | history
usr.sbin/rpki-client/x509.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim