From 2e5628f8804d4f4fc01547995ef12120a52bf8c5 Mon Sep 17 00:00:00 2001
From: tb
Date: Mon, 8 Jul 2024 15:31:58 +0000
Subject: [PATCH] Ensure that the rpkiManifest is a file in the caRepository discussed with jca and job ok claudio
---
 usr.sbin/rpki-client/cert.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c
index 44a2eea36f7..6d6d6efda32 100644
--- a/usr.sbin/rpki-client/cert.c
+++ b/usr.sbin/rpki-client/cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.c,v 1.149 2024/07/08 15:31:11 tb Exp $ */
+/* $OpenBSD: cert.c,v 1.150 2024/07/08 15:31:58 tb Exp $ */
 /*
 * Copyright (c) 2022 Theo Buehler
 * Copyright (c) 2021 Job Snijders
@@ -615,7 +615,8 @@ sbgp_sia(const char *fn, struct cert *cert, X509_EXTENSION *ext)
 goto out;
 }
- if (strstr(cert->mft, cert->repo) != cert->mft) {
+ if (strstr(cert->mft, cert->repo) != cert->mft ||
+ cert->mft + strlen(cert->repo) != mftfilename) {
 warnx("%s: RFC 6487 section 4.8.8: SIA: "
 "conflicting URIs for caRepository and rpkiManifest", fn);
 goto out;
--
2.20.1
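Review bot: The added operand `cert->mft + strlen(cert->repo) != mftfilename` in the second hunk carries the whole intent of the change, yet nothing in the code explains it. A one-line comment above the `if`, such as `/* The manifest must be a file directly in caRepository, not in a subdirectory. */`, would make the check reviewable. The comparison is only meaningful if `mftfilename` points just past the last '/' of `cert->mft`; that assignment is outside this hunk (sbgp_sia starts and ends outside it), so the comment should state that dependency too. Both rejection causes now share the "conflicting URIs" warning, so a log reader cannot tell a different prefix from a manifest nested deeper in the repository; a distinct message for the second case would help triage.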