CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2025/07/10 13:18:54
Modified files:
usr.sbin/rpki-client: cert.c
Log message:
rpki-client: check cert purpose up front
To validate the SPKI we need to know what kind of cert we have (BGPsec
router certs are a gift that keeps on giving), so doing the purpose
check at the start of the extension parsing is too late. Instead, do it
at the new entry point of our cert parsing, cert_parse_internal(), as
early as possible.
Pass in struct cert to cert_check_purpose(), so we can hang the determined
purpose off the cert rather than assigning it via the return value.
Simplify the function return to a boolean.
ok job
