From a7153adc553831f62937e3026917d2378b602c48 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sat, 4 Jun 2022 02:14:21 +0000
Subject: [PATCH] KNF nit

---
 usr.sbin/rpki-client/rsc.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/rpki-client/rsc.c b/usr.sbin/rpki-client/rsc.c
index c8baa236194..59280c65f33 100644
--- a/usr.sbin/rpki-client/rsc.c
+++ b/usr.sbin/rpki-client/rsc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rsc.c,v 1.8 2022/06/01 10:59:21 tb Exp $ */
+/*	$OpenBSD: rsc.c,v 1.9 2022/06/04 02:14:21 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2022 Job Snijders <job@fastly.com>
@@ -347,7 +347,7 @@ rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
 			goto out;
 		}
 
-		switch(rsc_version) {
+		switch (rsc_version) {
 		case 0:
 			warnx("%s: RSC: incorrect version encoding", p->fn);
 			goto out;
@@ -418,6 +418,11 @@ rsc_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
 		goto out;
 	}
 
+	if (X509_get_ext_by_NID(*x509, NID_sinfo_access, -1) != -1) {
+		warnx("%s: EE certificate MUST NOT have SIA extension", fn);
+		goto out;
+	}
+
 	at = X509_get0_notAfter(*x509);
 	if (at == NULL) {
 		warnx("%s: X509_get0_notAfter failed", fn);
-- 
2.20.1