From ea3b483624bee29ee21ef9b26b7d668633ae0c1a Mon Sep 17 00:00:00 2001
From: claudio
Date: Thu, 11 May 2023 14:05:31 +0000
Subject: [PATCH] In valid_cert() also skip the check for CERT_IP_INHERIT objects like it is done for CERT_AS_INHERIT. Without this inheritance of IP address resources does not work. Problem noticed by Ties de Kock (tdekock (at) ripe.net) OK job@ tb@ benno@
---
 usr.sbin/rpki-client/validate.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c
index 7a8af6ef2b8..ef0bc7f58d6 100644
--- a/usr.sbin/rpki-client/validate.c
+++ b/usr.sbin/rpki-client/validate.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: validate.c,v 1.60 2023/05/09 10:34:32 tb Exp $ */
+/* $OpenBSD: validate.c,v 1.61 2023/05/11 14:05:31 claudio Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons
 *
@@ -152,6 +152,8 @@ valid_cert(const char *fn, struct auth *a, const struct cert *cert)
 }
 for (i = 0; i < cert->ipsz; i++) {
+ if (cert->ips[i].type == CERT_IP_INHERIT)
+ continue;
 if (valid_ip(a, cert->ips[i].afi, cert->ips[i].min, cert->ips[i].max))
 continue;
-- 
2.20.1
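Review bot: The new `continue` for `CERT_IP_INHERIT` in the `cert->ips` loop exempts an entry from `valid_ip()` on its type alone, and nothing visible in the hunk says where the inherited range is later bounded by the issuer's resources. This loop appears to be the place where a certificate's address claims are checked against its parent, so a short comment would help, e.g. `/* inherit has no range of its own; coverage comes from the issuer's resources */`, worded to match wherever that resolution actually happens. It is also worth confirming that an inherit entry for an address family the issuer chain does not hold is still rejected elsewhere, since it is no longer rejected here. The diffstat shows only validate.c changed, so a regression test with an inheriting certificate would be a useful follow-up. The body of valid_cert() starts and ends outside the hunk.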