-/* $OpenBSD: cert.c,v 1.85 2022/08/19 12:45:53 tb Exp $ */
+/* $OpenBSD: cert.c,v 1.86 2022/09/03 13:01:43 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Job Snijders <job@openbsd.org>
p.fn);
goto out;
}
+ for (i = 0; i < p.res->asz; i++) {
+ if (p.res->as[i].type == CERT_AS_INHERIT) {
+ warnx("%s: inherited AS numbers in BGPsec cert",
+ p.fn);
+ goto out;
+ }
+ }
if (sia_present) {
warnx("%s: unexpected SIA extension in BGPsec cert",
p.fn);
-/* $OpenBSD: validate.c,v 1.42 2022/08/30 18:56:49 job Exp $ */
+/* $OpenBSD: validate.c,v 1.43 2022/09/03 13:01:43 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
char buf1[64], buf2[64];
for (i = 0; i < cert->asz; i++) {
- if (cert->as[i].type == CERT_AS_INHERIT) {
- if (cert->purpose == CERT_PURPOSE_BGPSEC_ROUTER)
- return 0; /* BGPsec doesn't permit inheriting */
+ if (cert->as[i].type == CERT_AS_INHERIT)
continue;
- }
min = cert->as[i].type == CERT_AS_ID ?
cert->as[i].id : cert->as[i].range.min;
max = cert->as[i].type == CERT_AS_ID ?
projects / openbsd / commitdiff