CVSROOT:        /cvs
Module name:    src
Changes by:     t...@cvs.openbsd.org    2025/07/20 01:48:31

Modified files:
        usr.sbin/rpki-client: aspa.c extern.h filemode.c gbr.c geofeed.c 
                              parser.c print.c roa.c rsc.c spl.c tak.c 

Log message:
rpki-client: remove copies of cert data from signed objects

Stop copying AIA, AKI, SIA, SKI, notBefore and notAfter into the signed
objects. Adjust the parser process to use the data from the cert instead
of the copies. Annotate missing expiry handling for gbr and tak. Handling
of manifests is a bit different and will be done in a separate step.

This is a layer violation that was made early on and is needed only for
file mode nowadays. For normal runs it led to pushing quite a bit of
unnecessary data across the pipes.

Now that file mode has direct access to the parsed EE cert corresponding
to a signed object, this data is available without the need for copying,
so all this complexity can go away without real cost for file mode. Only
the printing functions need a slight adjustment. The parsing of the EE
certificate also ensures the presence of all these fields, so no checks
are lost.

ok job
