rpki-client: ignore malformed revocationDate in CRLs

mirror of https://github.com/openbsd/src.git synced 2026-04-30 09:06:11 +00:00

Do not treat x509_get_time() failure as a hard error in file mode.
Just skip the entry we can't format and emit a warning.

ok claudio

This commit is contained in:

2026-04-13 03:14:28 +00:00

parent 284b3d32c6

commit 380397a6e9

1 changed files with 5 additions and 3 deletions

									
										8

usr.sbin/rpki-client/print.c
									
												View File
												
				@@ -1,4 +1,4 @@

				/*	$OpenBSD: print.c,v 1.75 2026/04/03 02:07:15 tb Exp $ */

				/*	$OpenBSD: print.c,v 1.76 2026/04/13 03:14:28 tb Exp $ */

				/*

				 * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>

				 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>

				@@ -424,10 +424,12 @@ crl_print(const struct crl *p)

					revlist = X509_CRL_get_REVOKED(p->x509_crl);

					for (i = 0; i < sk_X509_REVOKED_num(revlist); i++) {

						rev = sk_X509_REVOKED_value(revlist, i);

						if (!x509_get_time(X509_REVOKED_get0_revocationDate(rev), &t)) {

							warnx("x509_get_time() failed - malformed ASN.1?");

							continue;

						}

						serial = x509_convert_seqnum(__func__, "serial number",

						    X509_REVOKED_get0_serialNumber(rev));

						if (!x509_get_time(X509_REVOKED_get0_revocationDate(rev), &t))

							errx(1, "x509_get_time() failed - malformed ASN.1?");

						if (serial != NULL) {

							if (outformats & FORMAT_JSON) {

								json_do_object("cert", 1);

rpki-client: ignore malformed revocationDate in CRLs

8 usr.sbin/rpki-client/print.c Unescape Escape View File

8

usr.sbin/rpki-client/print.c

View File