CVSROOT:        /cvs
Module name:    src
Changes by:     j...@cvs.openbsd.org    2021/06/14 06:08:50

Modified files:
        usr.sbin/rpki-client: roa.c mft.c

Log message:
Fix ROA & MFT version check handling

This check was incomplete: to correctly verify the ASN1 INTEGER holding the version component, first the context specific explicit tag would need to be checked.

However, the X.690 spec (section 11.5) states that one should not encode a component if it is the default value. There are no RFCs specifying new versions of ROA or MFT, so checking the content of the version component should be skipped entirely. Thus if the version component is present, something is wrong.
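
The rule in the log message, as an added example that is not rpki-client's code: look at the first element inside the eContent SEQUENCE and reject the object if it is the `[0]` EXPLICIT tag (0xa0), since a DEFAULT 0 version must be omitted in DER. The helper names and the simplified sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Read a BER/DER length at buf[*pos]; 0 on success, -1 on malformed input. */
static int
der_len(const unsigned char *buf, size_t sz, size_t *pos, size_t *len)
{
	size_t n;

	if (*pos >= sz)
		return -1;
	if ((buf[*pos] & 0x80) == 0) {		/* short form */
		*len = buf[(*pos)++];
		return 0;
	}
	n = buf[(*pos)++] & 0x7f;		/* long form: n length octets */
	if (n == 0 || n > sizeof(size_t) || n > sz - *pos)
		return -1;
	for (*len = 0; n > 0; n--)
		*len = (*len << 8) | buf[(*pos)++];
	return 0;
}

/* Hypothetical helper. buf is the eContent SEQUENCE of a ROA or MFT.
 * 1 = version omitted (accept), 0 = [0] version present (reject), -1 = malformed. */
int
econtent_version_ok(const unsigned char *buf, size_t sz)
{
	size_t pos = 0, len;

	if (sz < 2 || buf[pos++] != 0x30)	/* outer SEQUENCE */
		return -1;
	if (der_len(buf, sz, &pos, &len) == -1 || len == 0 || len != sz - pos)
		return -1;
	return buf[pos] != 0xa0;		/* 0xa0: context-specific [0], constructed */
}

/* Constructed, simplified samples: SEQUENCE { [version 0,] asID 64496, SEQUENCE {} } */
const unsigned char roa_no_version[] = {
	0x30, 0x07, 0x02, 0x03, 0x00, 0xfb, 0xf0, 0x30, 0x00 };
const unsigned char roa_with_version[] = {
	0x30, 0x0c, 0xa0, 0x03, 0x02, 0x01, 0x00, 0x02, 0x03, 0x00, 0xfb, 0xf0, 0x30, 0x00 };

int
main(void)
{
	printf("no version:   %d\n", econtent_version_ok(roa_no_version, sizeof(roa_no_version)));
	printf("with version: %d\n", econtent_version_ok(roa_with_version, sizeof(roa_with_version)));
	return 0;
}
```

Note that the second sample encodes version 0, the only defined value, and is still rejected: the check is on the presence of the component, not its content.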