Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

On Wed, Dec 29, 2021 at 01:12:25PM +0100, Claudio Jeker wrote: > On Wed, Dec 29, 2021 at 01:06:30AM +0100, Theo Buehler wrote: > > On Tue, Dec 28, 2021 at 05:08:46PM +0100, Claudio Jeker wrote: > > > On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote: > > > > On Sat, Dec 25, 2021 at 05:48

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

On Wed, Dec 29, 2021 at 01:06:30AM +0100, Theo Buehler wrote: > On Tue, Dec 28, 2021 at 05:08:46PM +0100, Claudio Jeker wrote: > > On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote: > > > On Sat, Dec 25, 2021 at 05:48:53PM +0100, Claudio Jeker wrote: > > > [...] > > > > I would love to g

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

On Tue, Dec 28, 2021 at 05:08:46PM +0100, Claudio Jeker wrote: > On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote: > > On Sat, Dec 25, 2021 at 05:48:53PM +0100, Claudio Jeker wrote: > > [...] > > > I would love to get rid of X509_V_FLAG_IGNORE_CRITICAL and use a callback > > > to ensure

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

On Mon, Dec 27, 2021 at 12:23:32PM +0100, Theo Buehler wrote: > On Sat, Dec 25, 2021 at 05:48:53PM +0100, Claudio Jeker wrote: > [...] > > I would love to get rid of X509_V_FLAG_IGNORE_CRITICAL and use a callback > > to ensure the right extensions are critical but I never managed to > > understand

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

On Sat, Dec 25, 2021 at 05:48:53PM +0100, Claudio Jeker wrote: [...] > I would love to get rid of X509_V_FLAG_IGNORE_CRITICAL and use a callback > to ensure the right extensions are critical but I never managed to > understand how the X509_verify_cert() callback actually works. > Documentation seem

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

Hi Claudio, Claudio Jeker wrote on Sat, Dec 25, 2021 at 05:48:53PM +0100: > On Sat, Dec 25, 2021 at 11:36:50AM +0100, Theo Buehler wrote: >> These extensions MUST be marked critical by the sections of the spec >> mentioned in the cryptowarnx(). That's determined by the ASN1_BOOLEAN >> that is ext

Re: rpki-client: check ipAddrBlock and autonomousSysNum for criticality

On Sat, Dec 25, 2021 at 11:36:50AM +0100, Theo Buehler wrote: > These extensions MUST be marked critical by the sections of the spec > mentioned in the cryptowarnx(). That's determined by the ASN1_BOOLEAN > that is extracted and ignored after the FIXME a few lines below each of > the two hunks. Rat

rpki-client: check ipAddrBlock and autonomousSysNum for criticality

These extensions MUST be marked critical by the sections of the spec mentioned in the cryptowarnx(). That's determined by the ASN1_BOOLEAN that is extracted and ignored after the FIXME a few lines below each of the two hunks. Rather than getting the info from there, it's easier to use an API call t