aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--rcynic/rcynic.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c
index 0634bc52..355b1c19 100644
--- a/rcynic/rcynic.c
+++ b/rcynic/rcynic.c
@@ -230,6 +230,7 @@ static const struct {
QB(cms_signer_missing, "CMS signer missing") \
QB(cms_ski_mismatch, "CMS SKI mismatch") \
QB(cms_validation_failure, "CMS validation failure") \
+ QB(crl_issuer_name_mismatch, "CRL issuer name mismatch") \
QB(crl_not_in_manifest, "CRL not listed in manifest") \
QB(crl_not_yet_valid, "CRL not yet valid") \
QB(crl_number_extension_missing, "CRL number extension missing") \
@@ -3269,6 +3270,11 @@ static X509_CRL *check_crl_1(rcynic_ctx_t *rc,
goto punt;
}
+ if (X509_NAME_cmp(X509_CRL_get_issuer(crl), X509_get_subject_name(issuer))) {
+ log_validation_status(rc, uri, crl_issuer_name_mismatch, generation);
+ goto punt;
+ }
+
if (!check_allowed_dn(X509_CRL_get_issuer(crl))) {
log_validation_status(rc, uri, nonconformant_issuer_name, generation);
if (!rc->allow_nonconformant_name)
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-12 10:52:43 +0000