CVSROOT: /cvs Module name: src Changes by: [email protected] 2022/11/03 04:39:19
Modified files:
usr.sbin/rpki-client: cert.c
Log message:
Constrain KeyUsage and ExtendedKeyUsage on both CA & EE certificates
RFC 6487 section 4.8.4 restricts the KeyUsage extension on EE
certificates to only be digitalSignature.
RFC 6487 section 4.8.5 forbids the ExtendedKeyUsage extension from
appearing on CA certificates. However, this may change in the future
through the standardisation process.
OK tb@
