CVSROOT:	/cvs
Module name:	src
Changes by:	be...@cvs.openbsd.org	2019/11/27 20:22:59

Modified files:
	usr.sbin/rpki-client: cert.c crl.c extern.h main.c x509.c

Log message:
To verify a manifest, a roa, or a certificate, we check its signature against the CA one layer above it. This check just needs to use the certificate revocation list published by that CA.

Instead of loading all CRLs we find into the trust store, we create a STACK_OF(X509_CRL), push the onto it and use it with X509_STORE_CTX_set0_crls(ctx, crls);

The x509_get_crl() function to retrieve a crl path from an X509 object is written by claudio@.

ok claudio@