Bugfix: policy was not being initialized

diff --git a/deconf.sh b/deconf.sh
index 6b3dba9ea797d4872cec9f0dabfad41bde4c0fe3..5bfc806fcb0f1f9000e355bd94771e94e8e61d66 100755 (executable)
--- a/deconf.sh
+++ b/deconf.sh
@@ -1,13 +1,6 @@
-make distclean
-rm -frv \
-       Makefile.in \
-       aclocal.m4 \
-       autom4te.cache \
-       compile \
-       configure \
-       depcomp \
-       install-sh \
-       missing \
-       man/Makefile.in \
-       src/Makefile.in
-
+git clean -dfx \
+       -e .cproject \
+       -e .project \
+       -e .settings \
+       -e .metadata \
+       -e Debug/

diff --git a/src/asn1/signed_data.c b/src/asn1/signed_data.c
index 1a0517b84f334e5d1c43f57141cc082eb4541ec9..4d0b7f0667fa8c3b25834df692d53a40c293dc99 100644 (file)
--- a/src/asn1/signed_data.c
+++ b/src/asn1/signed_data.c
@@ -376,6 +376,10 @@ validate(struct SignedData *sdata, struct signed_object_args *args)
         * > encountered.
         *
         * So, nothing to do for now.
+        *
+        * TODO "In the certificate, the OID appears in the signature and
+        * signatureAlgorithm fields [RFC4055]." So it has to be the same as
+        * some other field?
         */
 
        /* rfc6488#section-2.1.6.6 */

diff --git a/src/object/certificate.c b/src/object/certificate.c
index 461457cbce91a331c558e59e7bd7f6087c84deb7..4d4fe435c432b9d37e2f21c16b944cddc6b0687c 100644 (file)
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -1081,7 +1081,7 @@ certificate_validate_extensions_ta(X509 *cert, struct rpki_uri *mft,
            { ext_aki(), false, handle_aki_ta, cert      },
            { ext_ku(),  true,  handle_ku_ca,            },
            { ext_sia(), true,  handle_sia_ca, mft       },
-           { ext_cp(),  true,  handle_cp,               },
+           { ext_cp(),  true,  handle_cp,     policy    },
            { ext_ir(),  false, handle_ir,               },
            { ext_ar(),  false, handle_ar,               },
            { ext_ir2(), false, handle_ir,               },
@@ -1105,7 +1105,7 @@ certificate_validate_extensions_ca(X509 *cert, struct rpki_uri *mft,
            { ext_cdp(), true,  handle_cdp,    refs      },
            { ext_aia(), true,  handle_aia,    refs      },
            { ext_sia(), true,  handle_sia_ca, mft       },
-           { ext_cp(),  true,  handle_cp,               },
+           { ext_cp(),  true,  handle_cp,     policy    },
            { ext_ir(),  false, handle_ir,               },
            { ext_ar(),  false, handle_ar,               },
            { ext_ir2(), false, handle_ir,               },