On Wed, Jan 05, 2022 at 11:45:55AM +0100, Claudio Jeker wrote: > This changes the last proc_parser function over to not pass the entity to > the function. In this case apart from file we also need to pass the public > key of the TA and the tal identifier. > > Change is mechanical and makes all callers work the same way.
ok tb > -- > :wq Claudio > >
> Index: parser.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
> retrieving revision 1.32
> diff -u -p -r1.32 parser.c
> --- parser.c 4 Jan 2022 18:41:32 -0000 1.32
> +++ parser.c 5 Jan 2022 09:49:07 -0000
> @@ -246,8 +246,7 @@ proc_parser_mft(char *file, const unsign
> * parse failure.
> */
> static struct cert *
> -proc_parser_cert(char *file, const unsigned char *der,
> - size_t len)
> +proc_parser_cert(char *file, const unsigned char *der, size_t len)
> {
> struct cert *cert;
> X509 *x509;
> @@ -325,8 +324,8 @@ proc_parser_cert(char *file, const unsig
> * parse failure.
> */
> static struct cert *
> -proc_parser_root_cert(const struct entity *entp, const unsigned char *der,
> - size_t len)
> +proc_parser_root_cert(char *file, const unsigned char *der, size_t len,
> + unsigned char *pkey, size_t pkeysz, int talid)
> {
> char subject[256];
> ASN1_TIME *notBefore, *notAfter;
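Review bot: In the new `proc_parser_root_cert` prototype, `pkey` is a plain `unsigned char *` while `der` beside it is `const unsigned char *`. The description calls it the public key of the TA, and the body shown in the next hunk only hands it to `ta_parse`, so it looks read-only. If `ta_parse`'s prototype (not visible here) allows it, declare it `const unsigned char *pkey`. The function comment above the signature, of which only the tail is in this hunk, should also say what `pkey`, `pkeysz` and `talid` are now that they are explicit parameters.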
> @@ -334,52 +333,49 @@ proc_parser_root_cert(const struct entit
> struct cert *cert;
> X509 *x509;
>
> - assert(entp->data != NULL);
> -
> /* Extract certificate data and X509. */
>
> - cert = ta_parse(&x509, entp->file, der, len, entp->data, entp->datasz);
> + cert = ta_parse(&x509, file, der, len, pkey, pkeysz);
> if (cert == NULL)
> return NULL;
>
> if ((name = X509_get_subject_name(x509)) == NULL) {
> - warnx("%s Unable to get certificate subject", entp->file);
> + warnx("%s Unable to get certificate subject", file);
> goto badcert;
> }
> if (X509_NAME_oneline(name, subject, sizeof(subject)) == NULL) {
> - warnx("%s: Unable to parse certificate subject name",
> - entp->file);
> + warnx("%s: Unable to parse certificate subject name", file);
> goto badcert;
> }
> if ((notBefore = X509_get_notBefore(x509)) == NULL) {
> warnx("%s: certificate has invalid notBefore, subject='%s'",
> - entp->file, subject);
> + file, subject);
> goto badcert;
> }
> if ((notAfter = X509_get_notAfter(x509)) == NULL) {
> warnx("%s: certificate has invalid notAfter, subject='%s'",
> - entp->file, subject);
> + file, subject);
> goto badcert;
> }
> if (X509_cmp_current_time(notBefore) != -1) {
> - warnx("%s: certificate not yet valid, subject='%s'", entp->file,
> + warnx("%s: certificate not yet valid, subject='%s'", file,
> subject);
> goto badcert;
> }
> if (X509_cmp_current_time(notAfter) != 1) {
> - warnx("%s: certificate has expired, subject='%s'", entp->file,
> + warnx("%s: certificate has expired, subject='%s'", file,
> subject);
> goto badcert;
> }
> - if (!valid_ta(entp->file, &auths, cert)) {
> + if (!valid_ta(file, &auths, cert)) {
> warnx("%s: certificate not a valid ta, subject='%s'",
> - entp->file, subject);
> + file, subject);
> goto badcert;
> }
>
> X509_free(x509);
>
> - cert->talid = entp->talid;
> + cert->talid = talid;
>
> /*
> * Add valid roots to the RPKI auth tree.
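Review bot: With `assert(entp->data != NULL)` removed and nothing put in its place, `proc_parser_root_cert` no longer states that the TAL key must be present; the only guard left is the `entp->data != NULL` test at the call site in `parse_entity`. Since `pkey` is what `ta_parse` receives as the trust anchor's public key, adding `assert(pkey != NULL);` before the `ta_parse` call would keep the old fail-fast behaviour if another caller is added later. Separately, the first `warnx` on the changed lines still reads `"%s Unable to get certificate subject"` without the colon the other messages use; `"%s: Unable to get certificate subject"` would match them. The function body continues past the end of this hunk.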
> @@ -589,7 +585,9 @@ parse_entity(struct entityq *q, struct m
> break;
> case RTYPE_CER:
> if (entp->data != NULL)
> - cert = proc_parser_root_cert(entp, f, flen);
> + cert = proc_parser_root_cert(entp->file,
> + f, flen, entp->data, entp->datasz,
> + entp->talid);
> else
> cert = proc_parser_cert(entp->file, f, flen);
> c = (cert != NULL);
>