artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7793203) | patch
Improve CRL extension checking
authortb <tb@openbsd.org>
Thu, 16 Nov 2023 11:17:52 +0000 (11:17 +0000)
committertb <tb@openbsd.org>
Thu, 16 Nov 2023 11:17:52 +0000 (11:17 +0000)
commit4b65a0852354f4df9b135db521d0e5a932e410d1
treef1bf21d2e768bf7a705415ee3fe32b8dd9f3ea7btree | snapshot
parent7793203b0d96fb398f56b84dc63d1b5f7c9d0765commit | diff
Improve CRL extension checking

RFC 6487 section 5 requires AKI and CRL Number and no other numbers to be
present in a CRL. We only checked for AKI and ignored other extensions.

Pointed out by Haya Schulmann et al

ok claudio
usr.sbin/rpki-client/crl.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim