aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--rcynic/rcynic.c6
-rw-r--r--utils/print_rpki_manifest/print_rpki_manifest.c2
2 files changed, 5 insertions, 3 deletions
diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c
index 3cdd2190..5e90df89 100644
--- a/rcynic/rcynic.c
+++ b/rcynic/rcynic.c
@@ -3850,7 +3850,8 @@ static int check_x509(rcynic_ctx_t *rc,
if (x->rfc3779_addr) {
ex_count--;
- if ((loc = X509_get_ext_by_NID(x, NID_sbgp_ipAddrBlock, -1)) < 0 ||
+ if (routercert ||
+ (loc = X509_get_ext_by_NID(x, NID_sbgp_ipAddrBlock, -1)) < 0 ||
!X509_EXTENSION_get_critical(X509_get_ext(x, loc)) ||
!v3_addr_is_canonical(x->rfc3779_addr) ||
sk_IPAddressFamily_num(x->rfc3779_addr) == 0) {
@@ -3877,7 +3878,8 @@ static int check_x509(rcynic_ctx_t *rc,
!X509_EXTENSION_get_critical(X509_get_ext(x, loc)) ||
!v3_asid_is_canonical(x->rfc3779_asid) ||
x->rfc3779_asid->asnum == NULL ||
- x->rfc3779_asid->rdi != NULL) {
+ x->rfc3779_asid->rdi != NULL ||
+ (routercert && x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)) {
log_validation_status(rc, uri, bad_asidentifiers, generation);
goto done;
}
diff --git a/utils/print_rpki_manifest/print_rpki_manifest.c b/utils/print_rpki_manifest/print_rpki_manifest.c
index 4bdea2b6..ac26c801 100644
--- a/utils/print_rpki_manifest/print_rpki_manifest.c
+++ b/utils/print_rpki_manifest/print_rpki_manifest.c
@@ -182,7 +182,7 @@ static int usage (const char *jane, const int code)
FILE *out = code ? stderr : stdout;
int i;
- fprintf(out, "usage: %s [options] ROA [ROA...]\n", jane);
+ fprintf(out, "usage: %s [options] manifest [manifest...]\n", jane);
fprintf(out, "options:\n");
for (i = 0; longopts[i].name != NULL; i++)
fprintf(out, " -%c --%s\n", longopts[i].val, longopts[i].name);
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-02 06:54:39 +0000