Diffstat (limited to 'usr.sbin/rpki-client')
-rw-r--r-- | usr.sbin/rpki-client/rsc.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/usr.sbin/rpki-client/rsc.c b/usr.sbin/rpki-client/rsc.c
index c8baa236194..59280c65f33 100644
--- a/usr.sbin/rpki-client/rsc.c
+++ b/usr.sbin/rpki-client/rsc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsc.c,v 1.8 2022/06/01 10:59:21 tb Exp $ */
+/* $OpenBSD: rsc.c,v 1.9 2022/06/04 02:14:21 tb Exp $ */
 /*
 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2022 Job Snijders <job@fastly.com>
@@ -347,7 +347,7 @@ rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
 goto out;
 }
 
- switch(rsc_version) {
+ switch (rsc_version) {
 case 0:
 warnx("%s: RSC: incorrect version encoding", p->fn);
 goto out;
@@ -418,6 +418,11 @@ rsc_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
 goto out;
 }
 
+ if (X509_get_ext_by_NID(*x509, NID_sinfo_access, -1) != -1) {
+ warnx("%s: EE certificate MUST NOT have SIA extension", fn);
+ goto out;
+ }
+
 at = X509_get0_notAfter(*x509);
 if (at == NULL) {
 warnx("%s: X509_get0_notAfter failed", fn); |
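Review bot: The new warning in rsc_parse does not name the object type that was rejected, whereas the version warning in rsc_parse_econtent uses a `%s: RSC: ...` prefix; I would write `warnx("%s: RSC: EE certificate MUST NOT have SIA extension", fn);` so that an operator triaging rejected objects can attribute the log line without looking up the file. A one-line comment above the check would also help the next reader, for example `/* RSC EE certificates must not carry an SIA extension (cite the spec section here). */`. The `!= -1` test is fail-closed, since any return other than "not found" takes the `goto out` path, which is the behaviour wanted for a MUST NOT rule. rsc_parse starts and ends outside this hunk, so whether `out` releases everything acquired before this point cannot be confirmed from here.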