CVSROOT: /cvs Module name: src Changes by: j...@cvs.openbsd.org 2023/03/06 14:00:41
Modified files:
usr.sbin/rpki-client: x509.c
Log message:
Enforce X509v3 SKIs to be the SHA-1 hash of the Subject Public Key
In the RPKI-context (RFC 6487 section 4.8.2), SKIs are not at all
arbitary identifiers: they must be the SHA-1 hash of the
'Subject Public Key'. Add a SPK digest calculation and comparison
to the X509v3 extension containing the SKI.
OK tb@
