diff options
| author | Rob Austein <sra@hactrn.net> | 2012-01-26 23:24:08 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2012-01-26 23:24:08 +0000 |
| commit | 4c9ae6733fcbba2b7720e600cc43ce3230b827ec (patch) | |
| tree | 59b28e538c1eb24d6c7c8be679086c7d877225e0 | |
| parent | 8b3ede152f19f6a3e31e1b1c1c29a3ec71c098a9 (diff) | |
Back out over-zealous change introduced as part of [4267] --
apparently ASID extensions are legal in EE certificates for ROAs,
although given the other constraints I can't think of a sane reason
why this is allowed when so much else is nailed down.
svn path=/trunk/; revision=4269
| -rw-r--r-- | rcynic/rcynic.c | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c index 6be1a5c7..3dc3c044 100644 --- a/rcynic/rcynic.c +++ b/rcynic/rcynic.c @@ -4012,11 +4012,6 @@ static int check_roa_1(rcynic_ctx_t *rc, goto error; } - if (X509_get_ext_by_NID(x, NID_sbgp_autonomousSysNum, -1) >= 0) { - log_validation_status(rc, uri, disallowed_x509v3_extension, generation); - goto error; - } - if ((signer_infos = CMS_get0_SignerInfos(cms)) == NULL || sk_CMS_SignerInfo_num(signer_infos) != 1 || (si = sk_CMS_SignerInfo_value(signer_infos, 0)) == NULL || |