diff options
| author | Rob Austein <sra@hactrn.net> | 2013-07-18 14:38:49 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2013-07-18 14:38:49 +0000 |
| commit | f98b5ce061c1338ad87b552e5033c13599135cec (patch) | |
| tree | 6927e0d40695d0ab769d2e8d26a11c8538ea01fc /rpkid | |
| parent | c0653913adca6545036bd0590cb94f5d8e9248f2 (diff) | |
Log stale BPKI CMS CRLs. See #294.
svn path=/trunk/; revision=5438
Diffstat (limited to 'rpkid')
| -rw-r--r-- | rpkid/rpki/x509.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py index 8883f3ce..b4e504d2 100644 --- a/rpkid/rpki/x509.py +++ b/rpkid/rpki/x509.py @@ -1279,6 +1279,10 @@ class CMS_object(DER_object): raise rpki.exceptions.CMSCertHasExpired("CMS certificate has expired", "%s (%s)" % ( x.getSubject(), x.hSKI())) + for c in crls: + if c.getNextUpdate() < now: + rpki.log.warn("Stale BPKI CMS CRL (%s %s %s)" % (c.getNextUpdate(), c.getIssuer(), c.hAKI())) + try: content = cms.verify(store) except (rpki.async.ExitNow, SystemExit): |