rpki-client: disallow AIA in self-signed certs
author tb <tb@openbsd.org>
Tue, 14 Mar 2023 07:09:11 +0000 (07:09 +0000)
committer tb <tb@openbsd.org>
Tue, 14 Mar 2023 07:09:11 +0000 (07:09 +0000)
commit f31ce3c9b2726c25a5697e4c398f48b203ad8788
tree 9156819e44ed8ff35bd284a8431c5a307b778a8e
parent de5a631d41e67978c4ed3c75d2de6376caa7936a
rpki-client: disallow AIA in self-signed certs

Per RFC 6487, 4.8.7, self-signed certificates must not have an Authority
Info Access extension. In normal operation this is ensured by ta_parse()
and cert_parse(), respectively. In filemode, only partial checks are
performed, so this is not guaranteed.

Issue flagged by and ok job
usr.sbin/rpki-client/x509.c