AKI extension is optional for self-signed RPKI certificates.

svn path=/trunk/; revision=4275
author: Rob Austein <sra@hactrn.net> 2012-01-31 03:58:51 +0000
committer: Rob Austein <sra@hactrn.net> 2012-01-31 03:58:51 +0000
commit: 5ff8fec168374a6591b2b140a2721c7e9d67e77c (patch)
tree: 1b1410f3f2a604e4c8032ee4e0f7e50966ef50e5 /rcynic/rcynic.c
parent: d47b19fe99f05c4bc49dbdf01ac959e6bfdcaf21 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c
index 3dc3c044..de473a49 100644
--- a/rcynic/rcynic.c
+++ b/rcynic/rcynic.c
@@ -3500,6 +3500,11 @@ static int check_x509(rcynic_ctx_t *rc,
     goto done;
   }
 
+  if (check_aki(rc, uri, w->cert, x->akid, generation))
+    ex_count--;
+  else if (!certinfo->ta || x->akid)
+    goto done;
+
   if (certinfo->ta) {
 
     if (certinfo->crldp.s[0]) {
@@ -3509,11 +3514,6 @@ static int check_x509(rcynic_ctx_t *rc,
 
   } else {
 
-    if (check_aki(rc, uri, w->cert, x->akid, generation))
-      ex_count--;
-    else
-      goto done;
-
     if (!certinfo->crldp.s[0]) {
       log_validation_status(rc, uri, crldp_uri_missing, generation);
       goto done;
author	Rob Austein <sra@hactrn.net>	2012-01-31 03:58:51 +0000
committer	Rob Austein <sra@hactrn.net>	2012-01-31 03:58:51 +0000
commit	5ff8fec168374a6591b2b140a2721c7e9d67e77c (patch)
tree	1b1410f3f2a604e4c8032ee4e0f7e50966ef50e5 /rcynic/rcynic.c
parent	d47b19fe99f05c4bc49dbdf01ac959e6bfdcaf21 (diff)