authorTheo Buehler <tb@cvs.openbsd.org>2024-07-08 15:31:59 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2024-07-08 15:31:59 +0000
commit453021bdeb8a8eda10ebe0205081fd4c42345a7c (patch)
treeb50da17b870df9628e61b9707230f7f4a1a2e842
parent1fa0c513275d7f7dc3172513223e8ecd4ece0d1e (diff)
Ensure that the rpkiManifest is a file in the caRepository
discussed with jca and job ok claudio
-rw-r--r--usr.sbin/rpki-client/cert.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c
index 44a2eea36f7..6d6d6efda32 100644
--- a/usr.sbin/rpki-client/cert.c
+++ b/usr.sbin/rpki-client/cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.c,v 1.149 2024/07/08 15:31:11 tb Exp $ */
+/* $OpenBSD: cert.c,v 1.150 2024/07/08 15:31:58 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Job Snijders <job@openbsd.org>
@@ -615,7 +615,8 @@ sbgp_sia(const char *fn, struct cert *cert, X509_EXTENSION *ext)
goto out;
}
- if (strstr(cert->mft, cert->repo) != cert->mft) {
+ if (strstr(cert->mft, cert->repo) != cert->mft ||
+ cert->mft + strlen(cert->repo) != mftfilename) {
warnx("%s: RFC 6487 section 4.8.8: SIA: "
"conflicting URIs for caRepository and rpkiManifest", fn);
goto out;