CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2025/07/04 10:22:07
Modified files:
usr.sbin/rpki-client: cert.c
Log message:
rpki-client: introduce cert_parse_internal()
End entity certificates have been checked only in a rather minimalistic
way for no good reason. A certificate is a certificate and while there
are some differences in the details of the extensions, there should only
be a single parsing function. Factor some checks for CA/TA certificates
into helpers and handle the logic in such a way that it can be read next
to RFC 6487 and checked for completeness. Some items are left for later.
input/ok job
