CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2025/07/15 01:23:39
Modified files:
usr.sbin/rpki-client: cert.c extern.h filemode.c parser.c
Log message:
rpki-client: merge cert_parse() and cert_parse_pre()
The split between cert_parse_pre() and cert_parse() is no longer
meaningful, really.
cert_parse_pre() has checks depending on the purpose which are now
all part of cert_parse_extensions() except for the check that a cert
coming through here is not supposed to be an EE cert, which I kept.
cert_parse() itself only has some checks on extensions which are done
as part of cert_parse_extensions() already, so it can go away.
For TA certs we could not call cert_parse() previously because of
AIA, CRLDP and SKI vs AKI, which we now handle depending on purpose
in cert_parse_extensions(), so this limiattion is now gone. We don't
call cert_parse() or cert_parse_internal() directly from ta_parse()
since that complicates filemode and doesn't provide a big benefit.
ok job
