On Thu, Jan 28, 2021 at 04:42:00PM +0100, Claudio Jeker wrote: > Initially rpki-client checked the file hash while parsing the file (.roa, > .cert or .crl) but since a while rpki-client does the hash check early > during the .mft parsing with mft_check(). After that all files in the > fileandhash attribute are verified and so there is no need to do it again. > > All in all this simplifies the code a fair bit. The only problematic case > was the distinction between root cert and regular cert based on the > presence of the digest. Instead use the presence of the public key (from > the TAL). Result is the same, logic is inverse. > > So this still works for me.
Makes sense, ok tb Please add the diff below to adjust regress when you land this. Index: test-cert.c =================================================================== RCS file: /cvs/src/regress/usr.sbin/rpki-client/test-cert.c,v retrieving revision 1.6 diff -u -p -r1.6 test-cert.c --- test-cert.c 9 Dec 2020 11:22:47 -0000 1.6 +++ test-cert.c 28 Jan 2021 16:14:30 -0000 @@ -145,7 +145,7 @@ main(int argc, char *argv[]) } } else { for (i = 0; i < argc; i++) { - p = cert_parse(&xp, argv[i], NULL); + p = cert_parse(&xp, argv[i]); if (p == NULL) break; if (verb) Index: test-roa.c =================================================================== RCS file: /cvs/src/regress/usr.sbin/rpki-client/test-roa.c,v retrieving revision 1.7 diff -u -p -r1.7 test-roa.c --- test-roa.c 9 Nov 2020 16:13:02 -0000 1.7 +++ test-roa.c 28 Jan 2021 16:14:44 -0000 @@ -87,7 +87,7 @@ main(int argc, char *argv[]) errx(1, "argument missing"); for (i = 0; i < argc; i++) { - if ((p = roa_parse(&xp, argv[i], NULL)) == NULL) + if ((p = roa_parse(&xp, argv[i])) == NULL) break; if (verb) roa_print(p);