authorClaudio Jeker <claudio@cvs.openbsd.org>2023-05-11 14:05:32 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2023-05-11 14:05:32 +0000
commitcd41aaef74fc7825ca4908ccebacc5c5d862d1ef (patch)
treeee137527b99c1293533263550adabbcf65fb6dbc
parent40ff58319270da6a360eecfead6c22350d20e855 (diff)
In valid_cert() also skip the check for CERT_IP_INHERIT objects like
it is done for CERT_AS_INHERIT. Without this, inheritance of IP address resources does not work. Problem noticed by Ties de Kock (tdekock (at) ripe.net) OK job@ tb@ benno@
-rw-r--r--usr.sbin/rpki-client/validate.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c
index 7a8af6ef2b8..ef0bc7f58d6 100644
--- a/usr.sbin/rpki-client/validate.c
+++ b/usr.sbin/rpki-client/validate.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: validate.c,v 1.60 2023/05/09 10:34:32 tb Exp $ */
+/* $OpenBSD: validate.c,v 1.61 2023/05/11 14:05:31 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -152,6 +152,8 @@ valid_cert(const char *fn, struct auth *a, const struct cert *cert)
}
for (i = 0; i < cert->ipsz; i++) {
+ if (cert->ips[i].type == CERT_IP_INHERIT)
+ continue;
if (valid_ip(a, cert->ips[i].afi, cert->ips[i].min,
cert->ips[i].max))
continue;
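Review bot: The new `CERT_IP_INHERIT` skip in the IP loop of valid_cert() bypasses `valid_ip()` without a comment saying why that is safe, and in a resource-coverage check a silent `continue` deserves one. I would put `/* inherit: entry has no range of its own; resources come from the issuer (RFC 3779) */` above the added `if`. The skip is only sound if a certificate that has no issuer to inherit from is rejected elsewhere, which is not visible in this hunk and is worth confirming against the callers. valid_cert() begins and ends outside the hunk, so the AS loop the commit message refers to could not be compared here.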