CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2024/06/10 04:50:13
Modified files:
usr.sbin/rpki-client: cert.c x509.c
Log message:
rpki-client: fix and move more KU/EKU to x509_get_purpose()
Now all key usage and extended key usage handling is at the same place.
This fixes a bug for BGPsec Router certs where key usage was ignored.
Another omission that is fixed here is that criticality of the key usage
extension was not checked. Drop a comment about possible use of EKU that
was in the TA/CA code path but would only apply to EE certs.
ok claudio
