From 41c63c605608f8248d74c41be1af585c0072afde Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Fri, 4 Feb 2022 16:08:53 +0000
Subject: [PATCH] Add id-cp-ipAddr-asNumber OID to x509_init_oid()

Unfortunately, NID_ipAddr_asNumber is not available in LibreSSL < 3.3
and OpenSSL, so load its OID by hand to help -portable. This will be
used for certificate policy checks.

ok claudio
---
 usr.sbin/rpki-client/x509.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c
index 9ba84544b63..0899e0df382 100644
--- a/usr.sbin/rpki-client/x509.c
+++ b/usr.sbin/rpki-client/x509.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509.c,v 1.33 2022/02/02 12:10:40 tb Exp $ */
+/*	$OpenBSD: x509.c,v 1.34 2022/02/04 16:08:53 tb Exp $ */
 /*
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -30,6 +30,7 @@
 
 #include "extern.h"
 
+ASN1_OBJECT	*certpol_oid;	/* id-cp-ipAddr-asNumber cert policy */
 ASN1_OBJECT	*carepo_oid;	/* 1.3.6.1.5.5.7.48.5 (caRepository) */
 ASN1_OBJECT	*manifest_oid;	/* 1.3.6.1.5.5.7.48.10 (rpkiManifest) */
 ASN1_OBJECT	*notify_oid;	/* 1.3.6.1.5.5.7.48.13 (rpkiNotify) */
@@ -42,6 +43,8 @@ void
 x509_init_oid(void)
 {
 
+	if ((certpol_oid = OBJ_txt2obj("1.3.6.1.5.5.7.14.2", 1)) == NULL)
+		errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.14.2");
 	if ((carepo_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.5", 1)) == NULL)
 		errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.5");
 	if ((manifest_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.10", 1)) == NULL)
-- 
2.20.1