CVSROOT:	/cvs
Module name:	src
Changes by:	clau...@cvs.openbsd.org	2021/10/07 02:36:17

Modified files:
	usr.sbin/rpki-client: parser.c

Log message:
Rework X509 verification a bit. Remove the store and instead pass in
the chain for certificates via X509_STORE_CTX_set0_trusted_stack().
To make this work alter build_chains() to also return the root TA.
Factor out get_crl() from build_crls() and use it to fetch the crl
when validating roas. The crl now sets its expire time in struct crl
and this can be used to set the expire time of a ROA entry.
This simplifies proc_parser_roa() a fair bit and results in less
calls to mktime() (which is a surprisingly complex function).
OK tb@