authorRob Austein <sra@hactrn.net>2014-11-12 00:25:21 +0000
committerRob Austein <sra@hactrn.net>2014-11-12 00:25:21 +0000
commit603e4af7801a71c65e113bb40c19ea8636bab87f (patch)
tree55babb5f3ef5c25a3640dcb89f284c271b12d6fa
parenta73acf54329f8dd839339cb40e9a53c091633f76 (diff)
Initial (awful kludge) version of adding RRDP URIs to SIA extension.
This needs rewriting, but doing it properly requires a minor database schema change, and I'm trying to get a test case running by tomorrow morning. svn path=/trunk/; revision=6015
-rw-r--r--rp/rcynic/rcynic.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/rp/rcynic/rcynic.c b/rp/rcynic/rcynic.c
index 8db15e55..219a8b73 100644
--- a/rp/rcynic/rcynic.c
+++ b/rp/rcynic/rcynic.c
@@ -410,7 +410,7 @@ DECLARE_STACK_OF(validation_status_t)
typedef struct certinfo {
int ca, ta;
object_generation_t generation;
- uri_t uri, sia, aia, crldp, manifest, signedobject;
+ uri_t uri, sia, aia, crldp, manifest, signedobject, rpkinotify;
} certinfo_t;
typedef struct rcynic_ctx rcynic_ctx_t;
@@ -3715,18 +3715,21 @@ static int check_x509(rcynic_ctx_t *rc,
if ((sia = X509_get_ext_d2i(x, NID_sinfo_access, NULL, NULL)) != NULL) {
int got_caDirectory, got_rpkiManifest, got_signedObject;
- int n_caDirectory = 0, n_rpkiManifest = 0, n_signedObject = 0;
+ int n_caDirectory = 0, n_rpkiManifest = 0, n_signedObject = 0, n_rpkiNotify = 0;
ex_count--;
ok = (extract_access_uri(rc, uri, generation, sia, NID_caRepository,
- &certinfo->sia, &n_caDirectory) &&
+ &certinfo->sia, &n_caDirectory, is_rsync) &&
extract_access_uri(rc, uri, generation, sia, NID_ad_rpkiManifest,
- &certinfo->manifest, &n_rpkiManifest) &&
+ &certinfo->manifest, &n_rpkiManifest, is_rsync) &&
extract_access_uri(rc, uri, generation, sia, NID_ad_signedObject,
- &certinfo->signedobject, &n_signedObject));
+ &certinfo->signedobject, &n_signedObject, is_rsync) &&
+ extract_access_uri(rc, uri, generation, sia, NID_ad_rpkiNotify,
+ &certinfo->rpkinotify, &n_rpkiNotify, is_http));
got_caDirectory = certinfo->sia.s[0] != '\0';
got_rpkiManifest = certinfo->manifest.s[0] != '\0';
got_signedObject = certinfo->signedobject.s[0] != '\0';
- ok &= sk_ACCESS_DESCRIPTION_num(sia) == n_caDirectory + n_rpkiManifest + n_signedObject;
+ ok &= (sk_ACCESS_DESCRIPTION_num(sia) ==
+ n_caDirectory + n_rpkiManifest + n_signedObject + n_rpkiNotify);
if (certinfo->ca)
ok &= got_caDirectory && got_rpkiManifest && !got_signedObject;
else if (rc->allow_ee_without_signedObject)
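Review bot: The widened count check `n_caDirectory + n_rpkiManifest + n_signedObject + n_rpkiNotify` accepts rpkiNotify entries on every certificate type, while the CA/EE branches just below it still constrain only caDirectory, rpkiManifest and signedObject. If the RRDP notification URI is meant to appear only on CA certificates, add something like `ok &= certinfo->ca || n_rpkiNotify == 0;` after the count check. The `is_http` predicate is defined outside this diff; since `certinfo->rpkinotify` is copied from the certificate under validation and is presumably fetched later, it is worth confirming that the predicate limits the scheme as tightly as intended (HTTPS only, if that is the policy). None of the 9 inserted lines touches the definition of `extract_access_uri`, so the eight-argument calls depend on a prototype changed elsewhere. check_x509 starts and ends outside the hunk.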