summaryrefslogtreecommitdiff
path: root/usr.sbin/ldomctl
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2024-06-08 13:31:39 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2024-06-08 13:31:39 +0000
commit48b255b45801cb855d735efff59a007e02ca069c (patch)
treea5552f88334785c6af4f324345680c3f2e56de1c /usr.sbin/ldomctl
parent2474256db6c5b3ef3f42698511a2c94b167aaac1 (diff)
Improve x509_get_purpose()
Instead of only differentiating between CA and BGPsec Router certs, make it recognize TA and EE certs as well. TAs and CAs have the cA boolean in the basic constraints, while EE and BGPsec router certs do not. TAs are self-signed, CAs not self-issued, all other certs with the cA boolean are invalid. EE certs do not have an extended key usage and BGPsec certs contain the id-kp-bgpsec-router OID. Handle the new purposes where needed. ok job
Diffstat (limited to 'usr.sbin/ldomctl')
0 files changed, 0 insertions, 0 deletions