On Thu, Jan 28, 2021 at 04:42:00PM +0100, Claudio Jeker wrote:
> Initially rpki-client checked the file hash while parsing the file (.roa,
> .cert or .crl) but since a while rpki-client does the hash check early
> during the .mft parsing with mft_check(). After that all files in the
> fileandhash attribute are verified and so there is no need to do it again.
>
> All in all this simplifies the code a fair bit. The only problematic case
> was the distinction between root cert and regular cert based on the
> presence of the digest. Instead use the presence of the public key (from
> the TAL). Result is the same, logic is inverse.
>
> So this still works for me.
Makes sense, ok tb
Please add the diff below to adjust regress when you land this.
Index: test-cert.c
===================================================================
RCS file: /cvs/src/regress/usr.sbin/rpki-client/test-cert.c,v
retrieving revision 1.6
diff -u -p -r1.6 test-cert.c
--- test-cert.c 9 Dec 2020 11:22:47 -0000 1.6
+++ test-cert.c 28 Jan 2021 16:14:30 -0000
@@ -145,7 +145,7 @@ main(int argc, char *argv[])
}
} else {
for (i = 0; i < argc; i++) {
- p = cert_parse(&xp, argv[i], NULL);
+ p = cert_parse(&xp, argv[i]);
if (p == NULL)
break;
if (verb)
Index: test-roa.c
===================================================================
RCS file: /cvs/src/regress/usr.sbin/rpki-client/test-roa.c,v
retrieving revision 1.7
diff -u -p -r1.7 test-roa.c
--- test-roa.c 9 Nov 2020 16:13:02 -0000 1.7
+++ test-roa.c 28 Jan 2021 16:14:44 -0000
@@ -87,7 +87,7 @@ main(int argc, char *argv[])
errx(1, "argument missing");
for (i = 0; i < argc; i++) {
- if ((p = roa_parse(&xp, argv[i], NULL)) == NULL)
+ if ((p = roa_parse(&xp, argv[i])) == NULL)
break;
if (verb)
roa_print(p);
