On Tue, Jun 20, 2023 at 08:58:23PM +0200, Theo Buehler wrote: > For some reason libcrypto doesn't check this part of RFC 5280, 4.2: A > certificate MUST NOT include more than one instance of a particular > extension. > > With the badCertSIA2x.cer from Ties's test artefacts, I get this > warning: > > rpki-client: badCertSIA2x.cer: RFC 5280 section 4.2: duplicate > subjectInfoAccess extension > > https://github.com/ties/rpki-commons-object-scan/tree/main/app/src/test/resources/bbn-conformance/root > > The diff below is straightforward. It does not help EE certs. That > could be done similarly.
OK job@
