Improve x509_get_purpose()
author tb <tb@openbsd.org>
Sat, 8 Jun 2024 13:31:37 +0000 (13:31 +0000)
committer tb <tb@openbsd.org>
Sat, 8 Jun 2024 13:31:37 +0000 (13:31 +0000)
commit eb6f3761ff01eb013de5d1be31161006320d32a2
tree 45d624843ad20fe551b27ccacba5bc641cdaa0bc
parent 3e8d4b7d11b7f3c38b1f4a7e16e6df3072397025
Improve x509_get_purpose()

Instead of only differentiating between CA and BGPsec Router certs,
make it recognize TA and EE certs as well. TAs and CAs have the cA
boolean in the basic constraints, while EE and BGPsec router certs
do not.

TAs are self-signed, CAs not self-issued, all other certs with the
cA boolean are invalid. EE certs do not have an extended key usage
and BGPsec certs contain the id-kp-bgpsec-router OID.

Handle the new purposes where needed.

ok job

usr.sbin/rpki-client/cert.c
usr.sbin/rpki-client/filemode.c
usr.sbin/rpki-client/main.c
usr.sbin/rpki-client/x509.c