ok you remove the "if (verbose > 0)" in the cms_parse_validate() case on purpose?
Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.04.01 16:33:44 +0200: > On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote: > > Currently rpki-client logs missing files like this: > > > > rpki-client: ...trace: error:02FFF002:system library:func(4095):No such > > file or directory > > rpki-client: ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such > > file > > rpki-client: > > rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: > > BIO_new_file > > > > Yes, you need to read the errors in reverse and even then the errors are > > just hard to read. > > > > This ugly format is mostly to blame on the error stack of OpenSSL. > > As a workaround I switched to using fopen() and then BIO_new_fd() > > which does the same thing but allows me to get a nice error from fopen(): > > > > rpki-client: > > rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen: > > No such file or directory > > > > Any opinions? > > This diff removes the fopen: from the warn string: > > rpki-client: > rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such > file or directory > > This is more in form with e.g. > > rpki-client: > rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa: > CRL has expired > > -- > :wq Claudio > > Index: cert.c > =================================================================== > RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v > retrieving revision 1.14 > diff -u -p -r1.14 cert.c > --- cert.c 26 Feb 2020 02:35:08 -0000 1.14 > +++ cert.c 1 Apr 2020 14:28:29 -0000 > @@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char * > ASN1_OBJECT *obj; > struct parse p; > BIO *bio = NULL, *shamd; > + FILE *f; > EVP_MD *md; > char mdbuf[EVP_MAX_MD_SIZE]; > > *xp = NULL; > > - if ((bio = BIO_new_file(fn, "rb")) == NULL) { > + if ((f = fopen(fn, "rb")) == NULL) { > + warn("%s", fn); > + return NULL; > + } > + > + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { > if (verbose > 0) > cryptowarnx("%s: BIO_new_file", fn); > return NULL; > Index: cms.c > =================================================================== > RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v > retrieving revision 1.6 > diff -u -p -r1.6 cms.c > --- cms.c 29 Nov 2019 05:14:11 -0000 1.6 > +++ cms.c 1 Apr 2020 14:28:34 -0000 > @@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char > ASN1_OCTET_STRING **os = NULL; > BIO *bio = NULL, *shamd; > CMS_ContentInfo *cms; > + FILE *f; > char buf[128], mdbuf[EVP_MAX_MD_SIZE]; > int rc = 0, sz; > STACK_OF(X509) *certs = NULL; > @@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char > * This is usually fopen() failure, so let it pass through to > * the handler, which will in turn ignore the entity. > */ > + if ((f = fopen(fn, "rb")) == NULL) { > + warn("%s", fn); > + return NULL; > + } > > - if ((bio = BIO_new_file(fn, "rb")) == NULL) { > - if (verbose > 0) > - cryptowarnx("%s: BIO_new_file", fn); > + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { > + cryptowarnx("%s: BIO_new_fp", fn); > return NULL; > } > > Index: crl.c > =================================================================== > RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v > retrieving revision 1.7 > diff -u -p -r1.7 crl.c > --- crl.c 29 Nov 2019 04:40:04 -0000 1.7 > +++ crl.c 1 Apr 2020 14:28:41 -0000 > @@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned > int rc = 0, sz; > X509_CRL *x = NULL; > BIO *bio = NULL, *shamd; > + FILE *f; > EVP_MD *md; > char mdbuf[EVP_MAX_MD_SIZE]; > > - if ((bio = BIO_new_file(fn, "rb")) == NULL) { > + if ((f = fopen(fn, "rb")) == NULL) { > + warn("%s", fn); > + return NULL; > + } > + > + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { > if (verbose > 0) > cryptowarnx("%s: BIO_new_file", fn); > return NULL; >