ok

you remove the "if (verbose > 0)" in the cms_parse_validate() case on
purpose?

Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.04.01 16:33:44 +0200:
> On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote:
> > Currently rpki-client logs missing files like this:
> > 
> > rpki-client:  ...trace: error:02FFF002:system library:func(4095):No such 
> > file or directory
> > rpki-client:  ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such 
> > file
> > rpki-client: 
> > rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: 
> > BIO_new_file
> > 
> > Yes, you need to read the errors in reverse and even then the errors are
> > just hard to read.
> > 
> > This ugly format is mostly to blame on the error stack of OpenSSL.
> > As a workaround I switched to using fopen() and then BIO_new_fd()
> > which does the same thing but allows me to get a nice error from fopen():
> > 
> > rpki-client: 
> > rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen: 
> > No such file or directory
> > 
> > Any opinions?
> 
> This diff removes the fopen: from the warn string:
> 
> rpki-client: 
> rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such 
> file or directory
> 
> This is more in form with e.g.
> 
> rpki-client: 
> rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa:
>  CRL has expired
> 
> -- 
> :wq Claudio
> 
> Index: cert.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
> retrieving revision 1.14
> diff -u -p -r1.14 cert.c
> --- cert.c    26 Feb 2020 02:35:08 -0000      1.14
> +++ cert.c    1 Apr 2020 14:28:29 -0000
> @@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *
>       ASN1_OBJECT     *obj;
>       struct parse     p;
>       BIO             *bio = NULL, *shamd;
> +     FILE            *f;
>       EVP_MD          *md;
>       char             mdbuf[EVP_MAX_MD_SIZE];
>  
>       *xp = NULL;
>  
> -     if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> +     if ((f = fopen(fn, "rb")) == NULL) {
> +             warn("%s", fn);
> +             return NULL;
> +     }
> +
> +     if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
>               if (verbose > 0)
>                       cryptowarnx("%s: BIO_new_file", fn);
>               return NULL;
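Review bot: In cert_parse_inner(), the BIO_new_fp() failure branch returns NULL without closing f. BIO_CLOSE only hands the FILE over to the BIO once the BIO exists, so on this path the open stream is leaked; add fclose(f) before the return. The unchanged cryptowarnx() line under it still reports "BIO_new_file", which no longer matches the call being made; the cms.c part of this diff already uses "BIO_new_fp".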
> Index: cms.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
> retrieving revision 1.6
> diff -u -p -r1.6 cms.c
> --- cms.c     29 Nov 2019 05:14:11 -0000      1.6
> +++ cms.c     1 Apr 2020 14:28:34 -0000
> @@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char
>       ASN1_OCTET_STRING       **os = NULL;
>       BIO                     *bio = NULL, *shamd;
>       CMS_ContentInfo         *cms;
> +     FILE                    *f;
>       char                     buf[128], mdbuf[EVP_MAX_MD_SIZE];
>       int                      rc = 0, sz;
>       STACK_OF(X509)          *certs = NULL;
> @@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char
>        * This is usually fopen() failure, so let it pass through to
>        * the handler, which will in turn ignore the entity.
>        */
> +     if ((f = fopen(fn, "rb")) == NULL) {
> +             warn("%s", fn);
> +             return NULL;
> +     }
>  
> -     if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> -             if (verbose > 0)
> -                     cryptowarnx("%s: BIO_new_file", fn);
> +     if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
> +             cryptowarnx("%s: BIO_new_fp", fn);
>               return NULL;
>       }
>  
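Review bot: The rewritten BIO_new_fp() failure branch in cms_parse_validate() drops the "if (verbose > 0)" guard that the same branch keeps in cert.c and crl.c, so cryptowarnx() becomes unconditional in this file only. Either keep the guard here or remove it in all three files. The branch also returns without fclose(f). The context comment above the added fopen() ("This is usually fopen() failure, so let it pass through to the handler") was written for the BIO_new_file() call and should be reworded now that it sits on top of an explicit fopen() check.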
> Index: crl.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
> retrieving revision 1.7
> diff -u -p -r1.7 crl.c
> --- crl.c     29 Nov 2019 04:40:04 -0000      1.7
> +++ crl.c     1 Apr 2020 14:28:41 -0000
> @@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned
>       int              rc = 0, sz;
>       X509_CRL        *x = NULL;
>       BIO             *bio = NULL, *shamd;
> +     FILE            *f;
>       EVP_MD          *md;
>       char             mdbuf[EVP_MAX_MD_SIZE];
>  
> -     if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> +     if ((f = fopen(fn, "rb")) == NULL) {
> +             warn("%s", fn);
> +             return NULL;
> +     }
> +
> +     if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
>               if (verbose > 0)
>                       cryptowarnx("%s: BIO_new_file", fn);
>               return NULL;
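Review bot: In crl_parse(), the context line cryptowarnx("%s: BIO_new_file", fn) under the new BIO_new_fp() call still names the old function; change the label to BIO_new_fp as was done in cms.c. The fopen() failure is now reported unconditionally through warn() while this branch stays behind verbose > 0, so it is worth stating whether that difference is intended. fclose(f) is needed before the return in this branch as well.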
> 
