diff options
author | Claudio Jeker <claudio@cvs.openbsd.org> | 2024-05-20 15:51:44 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2024-05-20 15:51:44 +0000 |
commit | a4a26d1667c36dbf9f93b1ac0d9023fe500b6a09 (patch) | |
tree | 469c03e4c1392b7a8cccf9794ac626588cff0549 /include/ftw.h | |
parent | 430afa57740c88145d912ebd5e605ebf738485d1 (diff) |
Instead of tracking certificates by SKI track them by an internal identifier.
The certificate SKI is not strictly unique so using it as a unique id is
problematic. It is also not really needed to do that since in theory we
already know the path (but this got lost in the privsep communication).
So add a cert id and pass this id back and forth between main process and
the parser. With this id we can lookup the authentication chain in the
parser and this even works with multiple paths to the same resource.
Since we no longer lookup by SKI the valid_aki_ski function is replaced
by find_issuer() which does the lookup by certid.
The loop protection is now extended to allow each TAL to reach each file
once but still triggers if a file is reaccessed by the tree of a TAL.
In filemode the lookup now uses an AIA uri based lookup tree. Again this
replaces the SKI based lookups from before.
Done together with tb@
OK tb@ job@
Diffstat (limited to 'include/ftw.h')
0 files changed, 0 insertions, 0 deletions