From: job <job@openbsd.org>
Date: Sat, 17 Jun 2023 04:46:11 +0000 (+0000)
Subject: Warn when CMS signing-time attribute is missing
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=1bce4d342de120c2806b3391da80a1a27c14d9a9;p=openbsd

Warn when CMS signing-time attribute is missing

OK tb@
---

diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c
index e78d2fb534e..3fa59592602 100644
--- a/usr.sbin/rpki-client/cms.c
+++ b/usr.sbin/rpki-client/cms.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cms.c,v 1.35 2023/06/12 18:22:02 job Exp $ */
+/*	$OpenBSD: cms.c,v 1.36 2023/06/17 04:46:11 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -225,6 +225,9 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
 	if (has_bst)
 		warnx("%s: unsupported CMS signing-time attribute", fn);
 
+	if (!has_st)
+		warnx("%s: missing CMS signing-time attribute", fn);
+
 	if (CMS_unsigned_get_attr_count(si) != -1) {
 		cryptowarnx("%s: RFC 6488: CMS has unsignedAttrs", fn);
 		goto out;