authorJob Snijders <job@cvs.openbsd.org>2023-06-20 12:48:33 +0000
committerJob Snijders <job@cvs.openbsd.org>2023-06-20 12:48:33 +0000
commita0b64124c0c7b31bb1c0bbf14f5e0a42d2c5ebe7 (patch)
treeea10ea88d23a2ff053de253506b18c937ce76f50
parentfcaee42f89b4f9c322fabd1c043b9af9766122ca (diff)
Ensure CRLs carry the correct version
OK tb@
-rw-r--r--usr.sbin/rpki-client/crl.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/rpki-client/crl.c b/usr.sbin/rpki-client/crl.c
index ad43e18fb68..bf9b19a62d6 100644
--- a/usr.sbin/rpki-client/crl.c
+++ b/usr.sbin/rpki-client/crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crl.c,v 1.25 2023/05/22 15:07:02 tb Exp $ */
+/* $OpenBSD: crl.c,v 1.26 2023/06/20 12:48:32 job Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -51,6 +51,11 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
goto out;
}
+ if (X509_CRL_get_version(crl->x509_crl) != 1) {
+ warnx("%s: RFC 6487 section 5: version 2 expected", fn);
+ goto out;
+ }
+
X509_CRL_get0_signature(crl->x509_crl, NULL, &palg);
if (palg == NULL) {
cryptowarnx("%s: X509_CRL_get0_signature", fn);
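Review bot: The literal `1` in the added `X509_CRL_get_version(crl->x509_crl) != 1` test appears to contradict the warning text "version 2 expected" unless the reader knows that the X.509 version field is zero-based, so an encoded value of 1 denotes v2. A short comment above the check would make this explicit, e.g. `/* version is zero-based in the encoding: 1 == v2, required by RFC 6487 section 5 */`. The warning would also be more useful when triaging a rejected CRL if it reported the value found, e.g. `warnx("%s: RFC 6487 section 5: version 2 expected, got %ld", fn, X509_CRL_get_version(crl->x509_crl) + 1);`. crl_parse begins and continues outside this hunk, so how the check interacts with the later extension parsing is not visible here.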