artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f409a94) | patch
rpki-client: explicitly enable policy checks
authortb <tb@openbsd.org>
Wed, 18 Jan 2023 00:27:10 +0000 (00:27 +0000)
committertb <tb@openbsd.org>
Wed, 18 Jan 2023 00:27:10 +0000 (00:27 +0000)
commitbc7ae01a57de1d9f7a00f00e5ac4aff08735613b
treecf588e6d9daa2b33405ad27bcb1fe4d8a7fd12fctree | snapshot
parentf409a94a6906a3bea00c67b68b748e0912bf767ccommit | diff
rpki-client: explicitly enable policy checks

In x509_verify.c r1.62, beck disabled policy checks by default in the new
X.509 verifier to match the behavior of the legacy validator and OpenSSL.
In order to keep policy checks as mandated by RFC 7318, we need to opt
into them explicitly.

ok beck
usr.sbin/rpki-client/validate.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim