On Mon, Aug 22, 2022 at 12:14:53PM +0200, Theo Buehler wrote:
> rpki-client portable makes sure that libcrypto has RFC 3779 support.
> Therefore the X509_verify_cert() call in valid_x509() will already
> perform the checks that the RFC 3779 extensions are covered along the
> chain. While valid_cert()'s errors would be nicer than the validator's,
> they can't be reached anymore.
>
> The check that a BGPsec cert's AS numbers must not be inherited can be
> done in cert_parse_pre() like most of the other checks for BGPsec certs.
>
> With the removal of valid_cert(), valid_as() and valid_ip() are unused
> and can also go.

OK job@
