aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2012-01-26 23:24:08 +0000
committerRob Austein <sra@hactrn.net>2012-01-26 23:24:08 +0000
commit4c9ae6733fcbba2b7720e600cc43ce3230b827ec (patch)
tree59b28e538c1eb24d6c7c8be679086c7d877225e0
parent8b3ede152f19f6a3e31e1b1c1c29a3ec71c098a9 (diff)
Back out over-zealous change introduced as part of [4267] --
apparently ASID extensions are legal in EE certificates for ROAs, although given the other constraints I can't think of a sane reason why this is allowed when so much else is nailed down. svn path=/trunk/; revision=4269
-rw-r--r--rcynic/rcynic.c5
1 files changed, 0 insertions, 5 deletions
diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c
index 6be1a5c7..3dc3c044 100644
--- a/rcynic/rcynic.c
+++ b/rcynic/rcynic.c
@@ -4012,11 +4012,6 @@ static int check_roa_1(rcynic_ctx_t *rc,
goto error;
}
- if (X509_get_ext_by_NID(x, NID_sbgp_autonomousSysNum, -1) >= 0) {
- log_validation_status(rc, uri, disallowed_x509v3_extension, generation);
- goto error;
- }
-
if ((signer_infos = CMS_get0_SignerInfos(cms)) == NULL ||
sk_CMS_SignerInfo_num(signer_infos) != 1 ||
(si = sk_CMS_SignerInfo_value(signer_infos, 0)) == NULL ||