From: Job Snijders <job@openbsd.org>
Subject: Re: rpki-client: parse SIA also for EE certs
To: Theo Buehler <tb@theobuehler.org>
Cc: tech@openbsd.org
Date: Mon, 30 Jun 2025 09:35:17 +0000

On Mon, Jun 30, 2025 at 09:41:27AM +0200, Theo Buehler wrote:
> On Mon, Jun 23, 2025 at 09:16:06AM +0200, Theo Buehler wrote:
> [...]
> > Parse SIA extensions for EE certificates. There should only be (perhaps
> > multiple) id-ad-signed-Object access methods, but unfortunately the
> > ecosystem is polluted with currently roughly 50k EE certs containing
> > an rpkiNotify access method. So we need to continue to tolerate that.
> > 
> > Rename sbgp_sia() (whose name doesn't make much sense) to cert_ca_sia().
> > Add cert_ee_sia() which is similar to cert_ca_sia() and x509_get_sia().
> > There's duplication of code and work because of the latter. I am going
> > to remove x509_get_sia() further down the road, which will make use of
> > the new cert->signedobj member. Since it's only for EE certs, there's
> > no need to transfer it over the pipes.
> > 
> > Likewise, cert_parse_ee_cert() and cert_parse_pre() will see quite a bit
> > of deduplication.
> 
> Trivially rebased on top of recent changes.

OK job@