On Tue, Mar 02, 2021 at 11:45:22AM +0100, Claudio Jeker wrote: > On Mon, Mar 01, 2021 at 11:57:03AM +0100, Claudio Jeker wrote: > > On Sun, Feb 28, 2021 at 09:09:05AM +0100, Theo Buehler wrote: > > > On Thu, Feb 25, 2021 at 05:03:19PM +0100, Claudio Jeker wrote: > > > > On Fri, Feb 19, 2021 at 07:10:02PM +0100, Claudio Jeker wrote: > > > > > Some TAL files now include an https URI where the TA can be fetched > > > > > from. > > > > > With this diff rpki-client will download the TA from https unless that > > > > > fails and then fall back to rsync. > > > > > > > > > > This is not yet perfect but the diff is already large enough (adding a > > > > > full event based https client based on ftp codebase). For RRDP more a > > > > > lot > > > > > more is required and I probably will refactor the main.c code then. > > > > > > > > > > At the moment this adds a local mkostempat() function to implement > > > > > mkostemp() but with openat() instead of open(). I hope in the future > > > > > libc > > > > > will provide something. > > > > > > > > > > Thanks in advance for all the feedback > > > > > > > > Updated diff. I found some bugs in the http.c code base regarding > > > > conncetion failures (because of unreachable IPv6 on the server) and > > > > fixed > > > > redirects. Those should now be fixed. > > > > > > A couple of comments inline. Some cosmetic, some minor bugs. > > > > > > Apart from a return value glitch for tls_close() the libtls handling > > > looks correct to me and while I'm not a http expert, the state machine > > > makes sense. The string handling (chopping up and re-encoding) looks > > > correct with appropriate bounds checking. I spent quite a bit of time > > > going through it. > > > > > > Take from my comments whatever you like/makes sense, but I'm ok with > > > landing this and improving in tree. > > > > Thanks a lot for the review. I know that the code is a bit of mish mash > > mainly since most of it was stolen from ftp(1). > > > > ... > > > Here is an updated version of the diff after the last changes to > rpki-client. There is no longer needs the mkospathat.c file since > rpki-client now chdirs to the cache directory. > > I think this is now ready to go in.
Go for it! ok tb