artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 24ad82f) | patch
rpki-client: reject certs with unexpected SIA accessMethods
authortb <tb@openbsd.org>
Tue, 4 Jun 2024 14:10:53 +0000 (14:10 +0000)
committertb <tb@openbsd.org>
Tue, 4 Jun 2024 14:10:53 +0000 (14:10 +0000)
commit78268cf82339967be4573ca1c53c04816d2ee01c
treecb5511bf34ff002d82096d7206775e0f3fbcc49atree | snapshot
parent24ad82f48b9bde5d99f106561b43b3d824d534d2commit | diff
rpki-client: reject certs with unexpected SIA accessMethods

RFC 6487, section 4.8.8.1 only lists caRepository and rpkiManifest, and
RFC 8182 added rpkiNotify for RRDP. All other access methods (which would
be children of id-ad), are not allowed and do not really make sense here.

ok claudio
usr.sbin/rpki-client/cert.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim