From 7b62aa6fe7d073c85c8770398d0bd462a8a675de Mon Sep 17 00:00:00 2001 From: tb Date: Sat, 8 Jun 2024 13:34:59 +0000 Subject: [PATCH] Improve the check for is_ta in filemode Instead of checking for EXFLAG_SS use the more accurate information we already gathered. ok job --- usr.sbin/rpki-client/filemode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c index 71dcc5c5342..689817c7c1b 100644 --- a/usr.sbin/rpki-client/filemode.c +++ b/usr.sbin/rpki-client/filemode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filemode.c,v 1.44 2024/06/08 13:31:38 tb Exp $ */ +/* $OpenBSD: filemode.c,v 1.45 2024/06/08 13:34:59 tb Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -404,7 +404,7 @@ proc_parser_file(char *file, unsigned char *buf, size_t len) cert = cert_parse_pre(file, buf, len); if (cert == NULL) break; - is_ta = X509_get_extension_flags(cert->x509) & EXFLAG_SS; + is_ta = (cert->purpose == CERT_PURPOSE_TA); if (!is_ta) cert = cert_parse(file, cert); if (cert == NULL) -- 2.20.1