Improve ICAO CSCA handling
Neither using the subject hash nor the authority key id is unique even in just a single CSCA certificate list, so we need to try all certificate candidates for a given authority key id. This also adds a script to extract CSCA "master list" files and convert them into a format easier to consume for us. This only adds CSCA keys for countries known to actually issue ICAO VDS vaccination certificates (AU, JP), and it takes those from the German BSI CSCA list as the official ICAO file is considered invalid by OpenSSL. This still needs further automation.
Please register or sign in to comment