rpki-client: check for duplicate certificate extensions
author tb <tb@openbsd.org>
Fri, 23 Jun 2023 07:40:28 +0000 (07:40 +0000)
committer tb <tb@openbsd.org>
Fri, 23 Jun 2023 07:40:28 +0000 (07:40 +0000)
commit 76281e496c3671bb6099f1e9ed1300009eb705f9
tree 78879be927ed739ae7ac160e155a43e9ff58822a
parent 26660650b9a0e3e3ff15ad045e8981d12325e03a
rpki-client: check for duplicate certificate extensions

RFC 5280 disallows multiple extensions with the same OID. Since libcrypto
does not check that currently, do this by hand. This only deals with CA
certs for now, EE certs could do that similarly.

Found with BBN test corpora

ok job
usr.sbin/rpki-client/cert.c
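
The duplicate-OID rule from the commit message, as an added example that is not the code from this commit or from rpki-client: it walks a DER Extensions value by hand instead of going through libcrypto and compares the extnID OIDs pairwise. The names der_tlv, exts_have_duplicate and MAX_EXTS and the two byte arrays are assumptions made for this sketch, and only short-form DER lengths (under 128 bytes) are handled, which covers the constructed samples but not a full certificate.

```c
#include <stddef.h>
#include <string.h>
#define MAX_EXTS 32	/* assumed cap, not a value from rpki-client */

/* Constructed samples: basicConstraints + keyUsage, then basicConstraints twice. */
static const unsigned char exts_ok[] = {
	0x30,0x21, 0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,
	0x30,0x03,0x01,0x01,0xff, 0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
	0xff,0x04,0x04,0x03,0x02,0x01,0x06 };
static const unsigned char exts_dup[] = {
	0x30,0x22, 0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x05,
	0x30,0x03,0x01,0x01,0xff, 0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
	0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff };

/* Parse one short-form DER TLV; returns the tag byte, or -1 if malformed. */
static int der_tlv(const unsigned char *p, size_t len,
    const unsigned char **val, size_t *vlen)
{
	if (len < 2 || (p[1] & 0x80) || (size_t)p[1] > len - 2)
		return -1;
	*val = p + 2;
	*vlen = p[1];
	return p[0];
}

/* Returns 0 if all extnID OIDs differ, 1 on a duplicate, -1 if malformed. */
int exts_have_duplicate(const unsigned char *der, size_t len)
{
	const unsigned char *oid[MAX_EXTS], *seq, *ext, *v;
	size_t oidlen[MAX_EXTS], seqlen, extlen, vlen, i, n = 0;

	if (der_tlv(der, len, &seq, &seqlen) != 0x30)	/* Extensions SEQUENCE */
		return -1;
	while (seqlen > 0) {
		if (der_tlv(seq, seqlen, &ext, &extlen) != 0x30 ||	/* Extension */
		    der_tlv(ext, extlen, &v, &vlen) != 0x06)		/* extnID OID */
			return -1;
		for (i = 0; i < n; i++)		/* compare against OIDs seen so far */
			if (oidlen[i] == vlen && memcmp(oid[i], v, vlen) == 0)
				return 1;
		if (n == MAX_EXTS)
			return -1;
		oid[n] = v;
		oidlen[n++] = vlen;
		seqlen -= (size_t)(ext + extlen - seq);	/* step to next Extension */
		seq = ext + extlen;
	}
	return 0;
}
```

A caller that enforces RFC 5280 here treats both 1 and -1 as grounds to reject the certificate.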