From: Job Snijders <job@openbsd.org>
Subject: Re: rpki-client: check issuer for certs and CRLs
To: Theo Buehler <tb@theobuehler.org>
Cc: tech@openbsd.org
Date: Thu, 30 May 2024 16:11:45 +0000

On Thu, May 30, 2024 at 04:43:42PM +0200, Theo Buehler wrote:
> This slightly generalizes x509_valid_subject() into a Name validating
> function, applies it to both subject and issuer of certs and uses it for
> CRLs as well.
> 
> Now the verifier does check that the issuer's subject matches the
> subject's issuer when building chains, but what exactly it checks
> on the CRL side of things is not quite so obvious.
> 
> I think we're better off checking both, as the check is simple and
> cheap enough. I haven't looked into adding some smarts for avoiding
> the afrinic special #if 0, but I'm not sure it's worth it.

OK job@