cert_revoked(X509_get_serialNumber(cert),
sk_X509_CRL_value(crls, sk_X509_CRL_num(crls) - 1))) {
pr_err("Certificate validation failed: certificate is revoked");
- goto abort;
+ X509_STORE_CTX_free(ctx);
+ return -EREVOKED;
}
/*
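Review bot: The revoked branch now frees `ctx` inline and returns, so it no longer goes through the `abort` label and the function has two separate cleanup paths. If `abort` (outside this hunk) releases anything besides `ctx`, or is extended later, this exit will silently skip it. If the function has a result variable, a single exit such as `error = -EREVOKED; goto abort;` keeps the cleanup in one place. Otherwise a comment like `/* abort returns a generic error; revocation needs its own code, so clean up here */` would explain the early return. The enclosing function starts and ends outside the hunk.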
/* Everything OK so far, error 0 is valid */
if (cert_revoked(X509_get_serialNumber(cert), crl)) {
- error = pr_err("Certificate validation failed: certificate is revoked at CRL");
+ pr_err("Certificate validation failed: certificate is revoked at CRL");
+ error = -EREVOKED;
}
X509_CRL_free(crl);
error = handle_manifest(mft, rpp_parent_crl, &pp);
if (!mft_retry)
uri_refput(mft);
- if (!error || !mft_retry)
+ /*
+ * Break when:
+ * - No error
+ * - No need to retry
+ * - Manifest its ok, but EE is revoked
+ */
+ if (!error || !mft_retry || error == -EREVOKED)
break;
pr_info("Retrying repository download to discard 'transient inconsistency' manifest issue (see RFC 6481 section 5) '%s'",
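Review bot: The added `error == -EREVOKED` case is the first way to leave this loop with a non-zero `error` while `mft_retry` is still true, which means `uri_refput(mft)` above has not run. Before this change, breaking with an error implied `!mft_retry`, so the reference had already been dropped. The code after the loop is outside the hunk, so please confirm that its error path releases `mft` for this new combination and never uses `pp` as valid output. The comment could state the reason for not retrying, e.g. `* - Manifest EE certificate is revoked (a retry cannot fix it; the error is still reported)`.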
#include "asn1/asn1c/ANY.h"
#include "asn1/asn1c/SignatureValue.h"
+/* Certificate is valid but is revoked */
+#define EREVOKED 8100
+
int certificate_load(struct rpki_uri *, X509 **);
/**
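Review bot: `EREVOKED` uses a name pattern (`E` followed by an uppercase letter) that the C standard reserves for `<errno.h>`, so a future libc could define the same name with a different value. The comment also does not say that the code is returned negated or why 8100 was chosen. Consider a project-prefixed name, or at least expand the comment, e.g. `/* Returned as -EREVOKED; value chosen outside the system errno range */`. The rest of the header is outside the hunk, so I could not check whether other project-specific codes already follow this naming.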