From 55db1576ffea7325936715b5aa51832ad8e2305d562cab19808869cfec86c73b Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Tue, 15 Oct 2024 16:02:52 +0300
Subject: [PATCH] Check ca ku presence

---
 cyac/cmd/cer-verify/cer-verify.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/cyac/cmd/cer-verify/cer-verify.c b/cyac/cmd/cer-verify/cer-verify.c
index 9643a29..8c4018d 100644
--- a/cyac/cmd/cer-verify/cer-verify.c
+++ b/cyac/cmd/cer-verify/cer-verify.c
@@ -89,10 +89,18 @@ main(int argc, char **argv)
             fputs("\n", stdout);
             return EXIT_FAILURE;
         }
-        fputs("ok\n", stdout);
         if (memcmp(toVerify->sid, toVerify->pkid, 16) == 0) {
+            fputs("ok\n", stdout);
             break;
         }
+        {
+            ptrdiff_t ku = YACItemsGetByKey(&(verifier->items), verifier->load, "ku");
+            if ((ku == -1) || YACItemsGetByKey(&(verifier->items), ku, "ca") == -1) {
+                fputs("no ca ku\n", stdout);
+                return EXIT_FAILURE;
+            }
+        }
+        fputs("ok\n", stdout);
         toVerify = verifier;
     }
     return EXIT_SUCCESS;
-- 
2.51.0