Pull from trunk.

svn path=/branches/tk377/; revision=4989
author: Rob Austein <sra@hactrn.net> 2013-01-31 05:04:39 +0000
committer: Rob Austein <sra@hactrn.net> 2013-01-31 05:04:39 +0000
commit: 1dfcb1fc0ae6e9367868c3dab8d38c1bd091dcaf (patch)
tree: 9afde39f2bd354e212e709145adaa8763d31ecc0 /rcynic/rcynic.c
parent: b7c329cb97367a670a36dd9c50a3f761dd2b4963 (diff)
parent: 7f49d94068077fabfab83307c3f648b710ab369d (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c
index 2f37ed79..0634bc52 100644
--- a/rcynic/rcynic.c
+++ b/rcynic/rcynic.c
@@ -3707,7 +3707,8 @@ static int check_x509(rcynic_ctx_t *rc,
     ex_count--;
     if ((loc = X509_get_ext_by_NID(x, NID_sbgp_ipAddrBlock, -1)) < 0 ||
 	!X509_EXTENSION_get_critical(X509_get_ext(x, loc)) ||
-	!v3_addr_is_canonical(x->rfc3779_addr)) {
+	!v3_addr_is_canonical(x->rfc3779_addr) ||
+	sk_IPAddressFamily_num(x->rfc3779_addr) == 0) {
       log_validation_status(rc, uri, bad_ipaddrblocks, generation);
       goto done;
     }
@@ -3718,6 +3719,7 @@ static int check_x509(rcynic_ctx_t *rc,
     if ((loc = X509_get_ext_by_NID(x, NID_sbgp_autonomousSysNum, -1)) < 0 ||
 	!X509_EXTENSION_get_critical(X509_get_ext(x, loc)) ||
 	!v3_asid_is_canonical(x->rfc3779_asid) ||
+	x->rfc3779_asid->asnum == NULL ||
 	x->rfc3779_asid->rdi != NULL) {
       log_validation_status(rc, uri, bad_asidentifiers, generation);
       goto done;
author	Rob Austein <sra@hactrn.net>	2013-01-31 05:04:39 +0000
committer	Rob Austein <sra@hactrn.net>	2013-01-31 05:04:39 +0000
commit	1dfcb1fc0ae6e9367868c3dab8d38c1bd091dcaf (patch)
tree	9afde39f2bd354e212e709145adaa8763d31ecc0 /rcynic/rcynic.c
parent	b7c329cb97367a670a36dd9c50a3f761dd2b4963 (diff)
parent	7f49d94068077fabfab83307c3f648b710ab369d (diff)