On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote:
> Currently rpki-client logs missing files like this:
>
> rpki-client: ...trace: error:02FFF002:system library:func(4095):No such file
> or directory
> rpki-client: ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such
> file
> rpki-client:
> rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft:
> BIO_new_file
>
> Yes, you need to read the errors in reverse and even then the errors are
> just hard to read.
>
> This ugly format is mostly to blame on the error stack of OpenSSL.
> As a workaround I switched to using fopen() and then BIO_new_fd()
> which does the same thing but allows me to get a nice error from fopen():
>
> rpki-client:
> rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen:
> No such file or directory
>
> Any opinions?
This diff removes the fopen: from the warn string:
rpki-client:
rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such
file or directory
This is more in line with e.g.
rpki-client:
rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa:
CRL has expired
--
:wq Claudio
Index: cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.14
diff -u -p -r1.14 cert.c
--- cert.c 26 Feb 2020 02:35:08 -0000 1.14
+++ cert.c 1 Apr 2020 14:28:29 -0000
@@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *
ASN1_OBJECT *obj;
struct parse p;
BIO *bio = NULL, *shamd;
+ FILE *f;
EVP_MD *md;
char mdbuf[EVP_MAX_MD_SIZE];
*xp = NULL;
- if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+ if ((f = fopen(fn, "rb")) == NULL) {
+ warn("%s", fn);
+ return NULL;
+ }
+
+ if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
if (verbose > 0)
cryptowarnx("%s: BIO_new_file", fn);
return NULL;
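Review bot: When `BIO_new_fp(f, BIO_CLOSE)` returns NULL, the stream opened by `fopen()` is never closed, because `BIO_CLOSE` only transfers ownership to a BIO that was actually created; the failure branch should call `fclose(f);` before `return NULL;`. The same leak is in the matching branches of cms.c (cms_parse_validate) and crl.c (crl_parse). The message here and in crl.c still reads `"%s: BIO_new_file"` although the call is now BIO_new_fp, whereas cms.c already uses `"%s: BIO_new_fp"`. The body of cert_parse_inner starts and continues outside this hunk.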
Index: cms.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
retrieving revision 1.6
diff -u -p -r1.6 cms.c
--- cms.c 29 Nov 2019 05:14:11 -0000 1.6
+++ cms.c 1 Apr 2020 14:28:34 -0000
@@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char
ASN1_OCTET_STRING **os = NULL;
BIO *bio = NULL, *shamd;
CMS_ContentInfo *cms;
+ FILE *f;
char buf[128], mdbuf[EVP_MAX_MD_SIZE];
int rc = 0, sz;
STACK_OF(X509) *certs = NULL;
@@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char
* This is usually fopen() failure, so let it pass through to
* the handler, which will in turn ignore the entity.
*/
+ if ((f = fopen(fn, "rb")) == NULL) {
+ warn("%s", fn);
+ return NULL;
+ }
- if ((bio = BIO_new_file(fn, "rb")) == NULL) {
- if (verbose > 0)
- cryptowarnx("%s: BIO_new_file", fn);
+ if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
+ cryptowarnx("%s: BIO_new_fp", fn);
return NULL;
}
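Review bot: The `if (verbose > 0)` guard on `cryptowarnx()` is dropped in this branch but kept in the equivalent branches of cert.c and crl.c, so the three parsers now report a BIO_new_fp failure under different conditions. Either keep `if (verbose > 0)` here or remove it in all three files. In this function a missing file was previously logged only with verbose set, and the new `warn("%s", fn)` logs it on every run; if that is intended, the block comment above the `fopen()` (its start is outside the hunk) could say so, for example `fopen() failure is always reported; the handler then ignores the entity.`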
Index: crl.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
retrieving revision 1.7
diff -u -p -r1.7 crl.c
--- crl.c 29 Nov 2019 04:40:04 -0000 1.7
+++ crl.c 1 Apr 2020 14:28:41 -0000
@@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned
int rc = 0, sz;
X509_CRL *x = NULL;
BIO *bio = NULL, *shamd;
+ FILE *f;
EVP_MD *md;
char mdbuf[EVP_MAX_MD_SIZE];
- if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+ if ((f = fopen(fn, "rb")) == NULL) {
+ warn("%s", fn);
+ return NULL;
+ }
+
+ if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
if (verbose > 0)
cryptowarnx("%s: BIO_new_file", fn);
return NULL;