On Tue, Jan 04, 2022 at 02:48:17PM +0100, Theo Buehler wrote:
> As discussed in the previous thread, we can simplify the verify callback
> by getting rid of the extremely noisy warnx at the end. Fail directly on
> encountering an unknown critical extension and succeed otherwise.
OK claudio@ (and thanks for taking care of this)
> Index: parser.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
> retrieving revision 1.30
> diff -u -p -r1.30 parser.c
> --- parser.c 4 Jan 2022 13:39:01 -0000 1.30
> +++ parser.c 4 Jan 2022 13:44:35 -0000
> @@ -55,9 +55,6 @@ verify_cb(int ok, X509_STORE_CTX *store_
> ASN1_OBJECT *obj;
> char *file;
> int depth, error, i, nid;
> - int saw_ipAddrBlock = 0;
> - int saw_autonomousSysNum = 0;
> - int saw_unknown = 0;
>
> error = X509_STORE_CTX_get_error(store_ctx);
> depth = X509_STORE_CTX_get_error_depth(store_ctx);
> @@ -94,25 +91,16 @@ verify_cb(int ok, X509_STORE_CTX *store_
> nid = OBJ_obj2nid(obj);
> switch (nid) {
> case NID_sbgp_ipAddrBlock:
> - saw_ipAddrBlock = 1;
> - break;
> case NID_sbgp_autonomousSysNum:
> - saw_autonomousSysNum = 1;
> - break;
> + continue;
> default:
> warnx("%s: depth %d: unknown extension: nid %d",
> file, depth, nid);
> - saw_unknown = 1;
> - break;
> + return 0;
> }
> }
>
> - if (verbose > 1)
> - warnx("%s: depth %d, ipAddrBlock %d, autonomousSysNum %d",
> - file, depth, saw_ipAddrBlock, saw_autonomousSysNum);
> -
> - /* Fail if we saw an unknown extension. */
> - return !saw_unknown;
> + return 1;
> }
>
> /*
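Review bot: The unconditional `return 1;` after the loop overrides the failing `ok` whenever every unhandled critical extension was NID_sbgp_ipAddrBlock or NID_sbgp_autonomousSysNum, which turns the callback into a positive assertion that those two RFC 3779 extensions are validated somewhere else; that contract should be stated at the return, e.g. `/* Only RFC 3779 extensions were unhandled; they are checked separately. */` (confirm that this is actually where they are checked, as it is not visible in the hunk). The `continue` under the two case labels leaves the switch and advances the enclosing for loop, which is correct but reads like a stray fallthrough; a one-line comment such as `/* handled elsewhere, keep scanning */` would make the intent explicit. The loop header and the error checks that route into this switch are outside the hunk, so it cannot be confirmed here that only critical, OpenSSL-unsupported extensions reach it. Note also that OBJ_obj2nid() returns NID_undef for OIDs it does not know, so the retained warnx prints `nid 0` for exactly the unknown extensions it is meant to describe; formatting the OID with OBJ_obj2txt() would make the diagnostic useful.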
>
--
:wq Claudio