CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2025/07/02 05:23:25
Modified files:
usr.sbin/rpki-client: cert.c
Log message:
rpki-client: add an X509 reference to cert early on
In order to deal with SKI and AKI, it's cleaner to have the libcrypto
cert available in struct cert when parsing them so that the extension
handlers can all have the same signature. Hoisting the assignment up
in cert_parse_ee_cert() for this is very simple.
In cert_parse_pre() we own the X509 from the start, so we take an extra
reference which we must release before exit. In the error path there's
an X509_free() and cert_free() releases the extra reference.
Again this will become a bit simpler in a few more steps.
ok job
