aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--rpkid/rpki/x509.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index 8883f3ce..b4e504d2 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -1279,6 +1279,10 @@ class CMS_object(DER_object):
raise rpki.exceptions.CMSCertHasExpired("CMS certificate has expired", "%s (%s)" % (
x.getSubject(), x.hSKI()))
+ for c in crls:
+ if c.getNextUpdate() < now:
+ rpki.log.warn("Stale BPKI CMS CRL (%s %s %s)" % (c.getNextUpdate(), c.getIssuer(), c.hAKI()))
+
try:
content = cms.verify(store)
except (rpki.async.ExitNow, SystemExit):
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-12 09:59:04 +0000