> From: Greg Steuck
> Date: Mon, 10 Jan 2022 20:59:17 -0800
>
> Greg Steuck writes:
>
> > This failure can be reduced to a trivial program which does change
> > its behavior for the worse if s_cos.S is taken out:
> >
> > #include
> > #include
> >
> > int main(int a, char**b) {
> > double
How X509_verify_cert() is called in rpki-client is mostly the same in all
places so move all this X509 boilerplate into valid_x509().
This simplifies the x509 validation in the parser a fair but and will also
make it easier for -f to validate certs.
OK?
--
:wq Claudio
Index: parser.c
On Tue, Jan 18, 2022 at 02:09:08PM +0100, Theo Buehler wrote:
> On Tue, Jan 18, 2022 at 12:16:44PM +0100, Claudio Jeker wrote:
> > How X509_verify_cert() is called in rpki-client is mostly the same in all
> > places so move all this X509 boilerplate into valid_x509().
> >
> > This simplifies the
Hi,
On SDHC version 3.0 controllers the divisor doesn't have to be a power
of two, but can be a multiple of two. This means we can get a lot
closer to the target clock.
E.g. to reach 400 kHz on a 200 MHz bus clock, the old mechanism would
take 512 as divisor (== 390.612 kHz) while the new
On Tue, Jan 18, 2022 at 12:16:44PM +0100, Claudio Jeker wrote:
> How X509_verify_cert() is called in rpki-client is mostly the same in all
> places so move all this X509 boilerplate into valid_x509().
>
> This simplifies the x509 validation in the parser a fair but and will also
> make it easier
On 18/01/22(Tue) 04:38, Klemens Nanni wrote:
> While intended for more architectures, DDBPROF is strictly amd64 and
> i386 only, so the machine-independent sys/conf/GENERIC does not seem fit
> (until all architectures are supported).
This define should die. There's no need to polish this turd.
UNIX does not let you get the path from an open file descriptor. It is not
possible to give this information reliably so you can't provide an API.
While a inode may exist a path to that inode may not. This is the case for
a file that is replaced or deleted while open.
Some systems give people a
Use a common x509_init_oid() function to initalize all OID (convert them
to NIDs). I prefer this over having them spread out all over the place.
OK?
--
:wq Claudio
Index: cert.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
On Tue, Jan 18, 2022 at 12:04:28PM +0100, Claudio Jeker wrote:
> Use a common x509_init_oid() function to initalize all OID (convert them
> to NIDs). I prefer this over having them spread out all over the place.
Yes, that's better.
ok tb
On Tue, Jan 18, 2022 at 04:16:17PM +0100, Claudio Jeker wrote:
> This diff cleans up cert.c a bit.
>
> It removes the X509 handle from cert_parse() and ta_parse(). Callers
> should instead use cert->x509. No need to double the work on us here.
I never understood the point of this handle and I
This diff cleans up cert.c a bit.
It removes the X509 handle from cert_parse() and ta_parse(). Callers
should instead use cert->x509. No need to double the work on us here.
While there switch auth_insert() to a void function. This function can
not fail. Again the result is simpler code in
On Tue, Jan 18, 2022 at 05:39:07PM +0100, Claudio Jeker wrote:
> On Tue, Jan 18, 2022 at 05:20:45PM +0100, Theo Buehler wrote:
> > On Tue, Jan 18, 2022 at 04:16:17PM +0100, Claudio Jeker wrote:
> > > This diff cleans up cert.c a bit.
> > >
> > > It removes the X509 handle from cert_parse() and
On Tue, Jan 18, 2022 at 05:20:45PM +0100, Theo Buehler wrote:
> On Tue, Jan 18, 2022 at 04:16:17PM +0100, Claudio Jeker wrote:
> > This diff cleans up cert.c a bit.
> >
> > It removes the X509 handle from cert_parse() and ta_parse(). Callers
> > should instead use cert->x509. No need to double
On Tue, Jan 18, 2022 at 06:46:35PM +0100, Theo Buehler wrote:
> On Tue, Jan 18, 2022 at 06:38:46PM +0100, Claudio Jeker wrote:
> > This is a follow up to the valid_x509() commit form earlier today.
> > tb@ suggested that the crl check should be grouped together.
> > After some thought I decided to
On Tue, Jan 18, 2022 at 06:38:46PM +0100, Claudio Jeker wrote:
> This is a follow up to the valid_x509() commit form earlier today.
> tb@ suggested that the crl check should be grouped together.
> After some thought I decided to do this all different.
> First of all introduce a checkcrl flag which
> I will commit this version in a bit (once rpki-client finished its run).
I like this approach a lot better. ok
One small comment below.
> --
> :wq Claudio
>
> Index: parser.c
> ===
> RCS file:
remove unused variable from all copies of _asr_strdname() and print_dname()
This also fixes -Wunused-but-set-variable warnings warnings in smtpd
and smtpctl. The code was imported with asr and then copied around.
ok?
M lib/libc/asr/asr.c
M regress/lib/libc/asr/bin/res_mkquery.c
M
This is a follow up to the valid_x509() commit form earlier today.
tb@ suggested that the crl check should be grouped together.
After some thought I decided to do this all different.
First of all introduce a checkcrl flag which turns on
X509_V_FLAG_CRL_CHECK. This prevents code that expects a CRL
On Tue, Jan 18, 2022 at 07:15:54PM +0100, Theo Buehler wrote:
> > I will commit this version in a bit (once rpki-client finished its run).
>
> I like this approach a lot better. ok
>
> One small comment below.
>
> > --
> > :wq Claudio
> >
> > Index: parser.c
> >
Mark Kettenis writes:
>> I went looking for why things are better on FreeBSD and they have a
>> different (simpler) implementation of cos. I copied it over. Given the
>> common provenance, I expect the copyright situation to be unambiguous.
>
> I think you will also need the changes done in
20 matches
Mail list logo