author | Job Snijders <job@cvs.openbsd.org> | 2022-08-30 18:56:50 +0000 |
---|---|---|
committer | Job Snijders <job@cvs.openbsd.org> | 2022-08-30 18:56:50 +0000 |
commit | 975df0051921999deb5f9ec410f0c48df8270c15 | |
tree | b7abb2c9c6cd453d07661cc69182b1d73bec21e0 /usr.sbin/rpki-client/validate.c | |
parent | 52e475daa87fd022cbb6bd58c7331e04fccef8f1 | |
Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)
ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).
With feedback from tb@
OK claudio@ tb@
Diffstat (limited to 'usr.sbin/rpki-client/validate.c')
-rw-r--r-- | usr.sbin/rpki-client/validate.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c index cc6d9511a13..2638e38ab22 100644 --- a/usr.sbin/rpki-client/validate.c +++ b/usr.sbin/rpki-client/validate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: validate.c,v 1.41 2022/08/19 12:45:53 tb Exp $ */ +/* $OpenBSD: validate.c,v 1.42 2022/08/30 18:56:49 job Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -533,3 +533,20 @@ valid_econtent_version(const char *fn, const ASN1_INTEGER *aint) return 0; } } + +/* + * Validate the ASPA: check that the customerASID is contained. + * Returns 1 if valid, 0 otherwise. + */ +int +valid_aspa(const char *fn, struct cert *cert, struct aspa *aspa) +{ + + if (as_check_covered(aspa->custasid, aspa->custasid, + cert->as, cert->asz) > 0) + return 1; + + warnx("%s: ASPA: uncovered Customer ASID: %u", fn, aspa->custasid); + + return 0; +} |
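Review bot: In valid_aspa(), the `> 0` test on as_check_covered() folds every non-positive return into the single warning "uncovered Customer ASID", so if that helper distinguishes an inheriting certificate from one whose AS resources simply do not contain the ASID, the log line cannot tell an operator which case occurred. Consider a separate message for that case, or state in the header comment that only an AS resource explicitly listed on the certificate is accepted. The header comment also says the customerASID is "contained" without saying in what; naming the certificate's AS resources (cert->as, cert->asz) would make the contract clear. Since the function only reads its arguments, `const struct cert *` and `const struct aspa *` would match the const-qualified parameters of valid_econtent_version() shown in the hunk header.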