CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2025/06/28 02:27:09
Modified files: usr.sbin/rpki-client: cert.c Log message: rpki-client: check purpose before parsing extensions Ensure that before we parse the cert extensions in full detail, we already know the certificate's purpose. This will soon be necessary for correctly parsing extensions for EE certs, which is currently quite lacking. Unfortunately, we don't know up front what kind of certificate we deal with since both BGPsec and CA certs are .cer files in .mft, so we get to parse basic constraints, key usage and extended key usage before we can know for sure. ok job