Downgrade CMS signing-time being after notAfter to a warning

author job <job@openbsd.org>

Mon, 12 Jun 2023 18:22:02 +0000 (18:22 +0000)

committer job <job@openbsd.org>

Mon, 12 Jun 2023 18:22:02 +0000 (18:22 +0000)
author job <job@openbsd.org>
Mon, 12 Jun 2023 18:22:02 +0000 (18:22 +0000)
committer job <job@openbsd.org>
Mon, 12 Jun 2023 18:22:02 +0000 (18:22 +0000)
diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c

index eb8a201..e78d2fb 100644 (file)
--- a/usr.sbin/rpki-client/cms.c
+++ b/usr.sbin/rpki-client/cms.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: cms.c,v 1.34 2023/05/30 11:09:08 tb Exp $ */
+/*     $OpenBSD: cms.c,v 1.35 2023/06/12 18:22:02 job Exp $ */
  /*
   * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
   *
@@ -315,11 +315,9 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
  
         if (!x509_get_notafter(*xp, fn, &notafter))
                 goto out;
-       if (*signtime > notafter) {
+       if (*signtime > notafter)
                 warnx("%s: dating issue: CMS signing-time after X.509 notAfter",
                     fn);
-               goto out;
-       }
  
         if (CMS_SignerInfo_get0_signer_id(si, &kid, NULL, NULL) != 1 ||
             kid == NULL) {
author	job <job@openbsd.org>
	Mon, 12 Jun 2023 18:22:02 +0000 (18:22 +0000)
committer	job <job@openbsd.org>
	Mon, 12 Jun 2023 18:22:02 +0000 (18:22 +0000)