CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2023/03/14 01:09:11
Modified files:
usr.sbin/rpki-client: x509.c
Log message:
rpki-client: disallow AIA in self-signed certs
Per RFC 6487, 4.8.7, self-signed certificates must not have an Authority
Info Access extension. In normal operation this is ensured by ta_parse()
and cert_parse(), respectively. In filemode, only partial checks are
performed, so this is not guaranteed.
Issue flagged by and ok job
