git.ipfire.org Git - thirdparty/FORT-validator.git/commitdiff
Revert "Don't retry MFT download when EE is revoked (related to #11)"
authorAlberto Leiva Popper <ydahhrk@gmail.com>
Wed, 24 Jul 2019 16:51:50 +0000 (11:51 -0500)
committerAlberto Leiva Popper <ydahhrk@gmail.com>
Wed, 24 Jul 2019 16:51:50 +0000 (11:51 -0500)
This reverts commit 4e606bb81038154fc9cd6966590c57a7a6b01a3b.

src/object/certificate.c
src/object/certificate.h

index eb98e4000575601f86594fa4827fc0136ba33469..b64926a0afc347188a16175001554d2ace154b54 100644 (file)
@@ -643,8 +643,7 @@ certificate_validate_chain(X509 *cert, STACK_OF(X509_CRL) *crls)
            cert_revoked(X509_get_serialNumber(cert),
            sk_X509_CRL_value(crls, sk_X509_CRL_num(crls) - 1))) {
                pr_err("Certificate validation failed: certificate is revoked");
-               X509_STORE_CTX_free(ctx);
-               return -EREVOKED;
+               goto abort;
        }
 
        /*
@@ -706,8 +705,7 @@ certificate_revoked_at_crldp(X509 *cert, struct certificate_refs *refs)
 
        /* Everything OK so far, error 0 is valid */
        if (cert_revoked(X509_get_serialNumber(cert), crl)) {
-               pr_err("Certificate validation failed: certificate is revoked at CRL");
-               error = -EREVOKED;
+               error = pr_err("Certificate validation failed: certificate is revoked at CRL");
        }
 
        X509_CRL_free(crl);
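Review bot: With `error = pr_err(...)` the revocation verdict depends entirely on the logger's return value, because the comment just above states that `error` is 0 at this point. pr_err() is not defined on this page; if it can ever return 0, a certificate listed in the CRL would leave this function reported as not revoked. Setting the code explicitly keeps the check fail-closed: `pr_err("Certificate validation failed: certificate is revoked at CRL");` followed by `error = -EINVAL;`. The body of certificate_revoked_at_crldp starts and ends outside the hunk, so how `error` reaches the caller is not visible here.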
@@ -1552,13 +1550,7 @@ certificate_traverse(struct rpp *rpp_parent, struct rpki_uri *cert_uri)
                error = handle_manifest(mft, rpp_parent_crl, &pp);
                if (!mft_retry)
                        uri_refput(mft);
-               /*
-                * Break when:
-                * - No error
-                * - No need to retry
-                * - Manifest its ok, but EE is revoked
-                */
-               if (!error || !mft_retry || error == -EREVOKED)
+               if (!error || !mft_retry)
                        break;
 
                pr_info("Retrying repository download to discard 'transient inconsistency' manifest issue (see RFC 6481 section 5) '%s'",
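Review bot: The break condition `if (!error || !mft_retry)` lost its explanatory comment and now treats every failure of handle_manifest() alike. A revoked EE certificate therefore presumably takes the same retry path as a stale manifest, and the pr_info below logs it as a 'transient inconsistency'. Revocation is not transient, so that log line would mislead an operator triaging validation failures. I would add a comment such as `/* Stop on success or when retry is not allowed; all errors, revocation included, are retried */` and confirm that the number of retries is bounded. The loop starts and ends outside the hunk.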
index 87db74e18ebc9003af55e04a834b8aecf4c92eee..a11859c7f42523d84a3a8b3cd825cabd5a95095c 100644 (file)
@@ -10,9 +10,6 @@
 #include "asn1/asn1c/ANY.h"
 #include "asn1/asn1c/SignatureValue.h"
 
-/* Certificate is valid but is revoked */
-#define EREVOKED               8100
-
 int certificate_load(struct rpki_uri *, X509 **);
 
 /**