From b3614c081792e3c13aa9f68aefa1db8e0654746d Mon Sep 17 00:00:00 2001
From: job
Date: Mon, 12 Jun 2023 18:22:02 +0000
Subject: [PATCH] Downgrade CMS signing-time being after notAfter to a warning

Feedback from Ties, Ben
OK tb@
---
 usr.sbin/rpki-client/cms.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c
index eb8a2016596..e78d2fb534e 100644
--- a/usr.sbin/rpki-client/cms.c
+++ b/usr.sbin/rpki-client/cms.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.c,v 1.34 2023/05/30 11:09:08 tb Exp $ */
+/* $OpenBSD: cms.c,v 1.35 2023/06/12 18:22:02 job Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons
 *
@@ -315,11 +315,9 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
 if (!x509_get_notafter(*xp, fn, ¬after))
 goto out;
- if (*signtime > notafter) {
+ if (*signtime > notafter)
 warnx("%s: dating issue: CMS signing-time after X.509 notAfter",
 fn);
- goto out;
- }
 if (CMS_SignerInfo_get0_signer_id(si, &kid, NULL, NULL) != 1 ||
 kid == NULL) {
-- 
2.20.1
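Review bot: In the second hunk (`cms_parse_validate_internal`), the `if (*signtime > notafter)` branch now only calls `warnx()` and falls through, but neither the code nor the commit message records why this inconsistency is tolerated or which check still rejects an expired EE certificate. I would add a comment above the test, for example `/* signing-time is asserted by the signer and is advisory only; certificate expiry is enforced during path validation, not here */`, after confirming where expiry is actually enforced, since that code is outside the hunk. The warning text is also unchanged from when the object was rejected, so someone reading logs cannot tell from the message alone that the object is now accepted; the wording could say so explicitly. The function begins before and continues past the hunk.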