From: Job Snijders <job@bsd.nl>
Subject: rpki-client: provide reference for signed object displacement/replay warning
To: tech@openbsd.org
Date: Sat, 13 Jun 2026 08:33:33 +0000

Checking for signed object displacement/replay is now standardized.

OK?

Index: cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
diff -u -p -r1.237 cert.c
--- cert.c	16 May 2026 07:27:03 -0000	1.237
+++ cert.c	13 Jun 2026 08:29:23 -0000
@@ -918,8 +918,8 @@ cert_ee_sia(const char *fn, struct cert 
 		plen = strlen(p);
 
 		if (fnlen < plen || strcmp(p, fn + fnlen - plen) != 0) {
-			warnx("%s: mismatch between pathname and SIA (%s)",
-			    fn, cert->signedobj);
+			warnx("%s: RFC 9981 section 4: mismatch between "
+			    "pathname and SIA (%s)", fn, cert->signedobj);
 			goto out;
 		}
 	}