diff options
| author | Rob Austein <sra@hactrn.net> | 2015-11-29 03:58:51 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2015-11-29 03:58:51 +0000 |
| commit | 3b93c02c1e50afc7ba5eebe9791f1ee71f10de0e (patch) | |
| tree | 535c42233f2825a4c1f8bc520b6439e81818e75a /rp | |
| parent | 2eebc88ed0692b1bb48ab11dde3ed45ed8298096 (diff) | |
rcynicng caught a bug in rpkid! Router certificates are forbidden
from having SIA extensions, unlike all other RPKI certificates which
are required to have them.
Start moving RPKI conformance checks which can be performed in Python
out of POW.c, tag a bunch more for consideration.
svn path=/branches/tk705/; revision=6204
Diffstat (limited to 'rp')
| -rwxr-xr-x | rp/rcynic/rcynicng | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/rp/rcynic/rcynicng b/rp/rcynic/rcynicng index b98053e2..21cd9b6d 100755 --- a/rp/rcynic/rcynicng +++ b/rp/rcynic/rcynicng @@ -357,6 +357,10 @@ class Manifest(rpki.POW.Manifest): self.nextUpdate = self.getNextUpdate() self.number = self.getManifestNumber() self.fah = self.getFiles() + self.notBefore = self.ee.getNotBefore() + self.notAfter = self.ee.getNotAfter() + if self.thisUpdate < self.notBefore or self.nextUpdate > self.notAfter: + status.add(codes.MANIFEST_INTERVAL_OVERRUNS_CERT) codes.normalize(status) return not any(s.kind == "bad" for s in status) |