Enforce X509v3 SKIs to be the SHA-1 hash of the Subject Public Key
author job <job@openbsd.org>
Mon, 6 Mar 2023 21:00:41 +0000 (21:00 +0000)
committer job <job@openbsd.org>
Mon, 6 Mar 2023 21:00:41 +0000 (21:00 +0000)
commit 548c1072a21ed37cc42d721f0843c257941a5937
tree 16899127a556e8f3e8085db33bf42edb07255cb7
parent c091a50e78e28633312fc899ee2f60dc8b927a3a
Enforce X509v3 SKIs to be the SHA-1 hash of the Subject Public Key

In the RPKI-context (RFC 6487 section 4.8.2), SKIs are not at all
arbitrary identifiers: they must be the SHA-1 hash of the
'Subject Public Key'. Add a SPK digest calculation and comparison
to the X509v3 extension containing the SKI.

OK tb@
usr.sbin/rpki-client/x509.c
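
The comparison the commit message describes, as an added Python sketch (not rpki-client's C code from x509.c): per RFC 5280 section 4.2.1.2, which RFC 6487 section 4.8.2 refers to, the hash covers only the subjectPublicKey BIT STRING value, without tag, length or the unused-bits octet. The function names are hypothetical and the sample key bytes are constructed, not a real key.

```python
import hashlib

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER TLV at offset off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long-form length: low 7 bits give the octet count
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def spk_bits(spki_der):
    """Return the subjectPublicKey bits of a DER SubjectPublicKeyInfo."""
    tag, start, end = read_tlv(spki_der, 0)
    if tag != 0x30 or end != len(spki_der):
        raise ValueError("not a SubjectPublicKeyInfo SEQUENCE")
    tag, _, alg_end = read_tlv(spki_der, start)  # skip AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    tag, bs_start, bs_end = read_tlv(spki_der, alg_end)
    if tag != 0x03 or bs_end != end or bs_end == bs_start:
        raise ValueError("missing subjectPublicKey BIT STRING")
    if spki_der[bs_start] != 0:  # first value octet counts unused bits
        raise ValueError("unexpected unused bits in subjectPublicKey")
    return spki_der[bs_start + 1:bs_end]

def ski_matches(spki_der, ski):
    """True only if ski is the 20-byte SHA-1 of the subject public key bits."""
    return len(ski) == 20 and hashlib.sha1(spk_bits(spki_der)).digest() == ski

def der(tag, body):
    """Encode one DER TLV (helper used only to build the sample below)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

# Constructed sample: rsaEncryption AlgorithmIdentifier plus placeholder key bytes.
ALG = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
KEY = bytes(i % 256 for i in range(270))           # constructed, not a real key
SPKI = der(0x30, ALG + der(0x03, b"\x00" + KEY))
GOOD_SKI = hashlib.sha1(KEY).digest()              # what the check accepts
WHOLE_SPKI_SKI = hashlib.sha1(SPKI).digest()       # hash of the wrong span
ARBITRARY_SKI = bytes(20)                          # an arbitrary 20-byte identifier
```
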