rpki-client: add cert_parse_ta()
This merges the cert_parse() + ta_parse() dance into a single specialized
function responsible for parsing a TA cert. Removes another tricky use of
cert_parse() and makes things simpler for the callers.
ok claudio job
rpki-client: add cert_parse_ca_or_brk()
This is a specialized cert parser intended for a .cer in a manifest's
fileList which therefore only accepts CA and BGPsec certificates. This
pulls a check from the parser code into the cert code where it fits a
bit better.
ok claudio job
rpki-client: factor cert_deserialize_and_parse() helper out of cert_parse()
cert_parse() is currently a bit too general: it handles TA certs, CA certs
and BGPsec router certs to accommodate the needs of file mode. The need to
perform additional checks after a call to cert_parse() makes things fragile
and led to one of the issues addressed in recent errata.
cert_deserialize_and_parse() will become a wrapper for more specialized
functions in subsequent commits. While this is not pretty either, it does
simplify things on the caller side.
ok claudio job
rpki-client: split ta_check_validity() out of ta_parse()
The check that a TA is currently valid is only done here right now. It
should probably be done in cert_check_validity_period() instead. This is
left for a later diff.
ok claudio job
Disable interprocedural optimization
"ports-gcc is modern enough to support -flto but our binutils and ld in base
are not. So compiles break whenever lto is enabled on archs like sparc64."
-- claudio
OK tb@ claudio@