CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2025/06/28 02:27:09
Modified files:
usr.sbin/rpki-client: cert.c
Log message:
rpki-client: check purpose before parsing extensions
Ensure that before we parse the cert extensions in full detail, we
already know the certificate's purpose. This will soon be necessary
for correctly parsing extensions for EE certs, which is currently
quite lacking.
Unfortunately, we don't know up front what kind of certificate we
deal with since both BGPsec and CA certs are .cer files in .mft, so
we get to parse basic constraints, key usage and extended key usage
before we can know for sure.
ok job
