diff options
author | Claudio Jeker <claudio@cvs.openbsd.org> | 2023-05-11 14:05:32 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2023-05-11 14:05:32 +0000 |
commit | cd41aaef74fc7825ca4908ccebacc5c5d862d1ef (patch) | |
tree | ee137527b99c1293533263550adabbcf65fb6dbc | |
parent | 40ff58319270da6a360eecfead6c22350d20e855 (diff) |
In valid_cert() also skip the check for CERT_IP_INHERIT objects like
it is done for CERT_AS_INHERIT.
Without this inheritance of IP address resources does not work. Problem
noticed by Ties de Kock (tdekock (at) ripe.net)
OK job@ tb@ benno@
-rw-r--r-- | usr.sbin/rpki-client/validate.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c index 7a8af6ef2b8..ef0bc7f58d6 100644 --- a/usr.sbin/rpki-client/validate.c +++ b/usr.sbin/rpki-client/validate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: validate.c,v 1.60 2023/05/09 10:34:32 tb Exp $ */ +/* $OpenBSD: validate.c,v 1.61 2023/05/11 14:05:31 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -152,6 +152,8 @@ valid_cert(const char *fn, struct auth *a, const struct cert *cert) } for (i = 0; i < cert->ipsz; i++) { + if (cert->ips[i].type == CERT_IP_INHERIT) + continue; if (valid_ip(a, cert->ips[i].afi, cert->ips[i].min, cert->ips[i].max)) continue; |