CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/01/13 01:36:01
Modified files:
usr.sbin/rpki-client: Tag: OPENBSD_7_8 cert.c parser.c
Log message:
rpki-client: check purpose for .cer files in Manifests
Only intermediate CAs and BGPsec certificates are allowed in a Manifest
fileList. Check this is the case, otherwise stop processing the cert.
Missing check reported by Xie Yifan
ok claudio job
rpki-client: only accept BGPsec certs with a single AS number
We've long been pointing out that the possibility of adding multiple AS
numbers and in particular AS ranges to BGPsec Router Certificates is at
best dubious. Enforce that there is a single AS, encoded as an ASID, not
as an ASRange with a single element (cf. eid7653 to RFC 3779).
Prompted by a report by Xie Yifan
with/ok claudio job
this is errata/7.8/012_rpki.patch.sig
