diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2024-06-08 13:31:39 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2024-06-08 13:31:39 +0000 |
commit | 48b255b45801cb855d735efff59a007e02ca069c (patch) | |
tree | a5552f88334785c6af4f324345680c3f2e56de1c /usr.sbin/ldomctl | |
parent | 2474256db6c5b3ef3f42698511a2c94b167aaac1 (diff) |
Improve x509_get_purpose()
Instead of only differentiating between CA and BGPsec Router certs,
make it recognize TA and EE certs as well. TAs and CAs have the cA
boolean in the basic constraints, while EE and BGPsec router certs
do not.
TAs are self-signed, CAs not self-issued, all other certs with the
cA boolean are invalid. EE certs do not have an extended key usage
and BGPsec certs contain the id-kp-bgpsec-router OID.
Handle the new purposes where needed.
ok job
Diffstat (limited to 'usr.sbin/ldomctl')
0 files changed, 0 insertions, 0 deletions