Re: rpki-client and non-existing files

2020-04-01 Thread Theo de Raadt
Claudio Jeker wrote:

> On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote:
> > Currently rpki-client logs missing files like this:
> > 
> > rpki-client:  ...trace: error:02FFF002:system library:func(4095):No such 
> > file or directory
> > rpki-client:  ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such 
> > file
> > rpki-client: 
> > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: 
> > BIO_new_file
> > 
> > Yes, you need to read the errors in reverse and even then the errors are
> > just hard to read.
> > 
> > This ugly format is mostly to blame on the error stack of OpenSSL.
> > As a workaround I switched to using fopen() and then BIO_new_fd()
> > which does the same thing but allows me to get a nice error from fopen():
> > 
> > rpki-client: 
> > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen: 
> > No such file or directory
> > 
> > Any opinions?
> 
> This diff removes the fopen: from the warn string:
> 
> rpki-client: 
> rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such 
> file or directory
> 
> This is more in form with e.g.
> 
> rpki-client: 
> rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa:
>  CRL has expired

thank you, it was driving me crazy.



Re: rpki-client and non-existing files

2020-04-01 Thread Claudio Jeker
On Wed, Apr 01, 2020 at 09:42:42PM +0200, Sebastian Benoit wrote:
> ok
> 
> you remove the "if (verbose > 0)" in the cms_parse_validate() case on
> purpose?

Yes, since we use rpki-client in cron with the magic -n prefix it would be
nice to have enough verbosity to know why the process failed without
having to run rpki-client -v. So I kind of walked back from the
rpki-client must be silent by default unless a bad error happens case.
 
> Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.04.01 16:33:44 +0200:
> > On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote:
> > > Currently rpki-client logs missing files like this:
> > > 
> > > rpki-client:  ...trace: error:02FFF002:system library:func(4095):No such 
> > > file or directory
> > > rpki-client:  ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no 
> > > such file
> > > rpki-client: 
> > > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: 
> > > BIO_new_file
> > > 
> > > Yes, you need to read the errors in reverse and even then the errors are
> > > just hard to read.
> > > 
> > > This ugly format is mostly to blame on the error stack of OpenSSL.
> > > As a workaround I switched to using fopen() and then BIO_new_fd()
> > > which does the same thing but allows me to get a nice error from fopen():
> > > 
> > > rpki-client: 
> > > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: 
> > > fopen: No such file or directory
> > > 
> > > Any opinions?
> > 
> > This diff removes the fopen: from the warn string:
> > 
> > rpki-client: 
> > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No 
> > such file or directory
> > 
> > This is more in form with e.g.
> > 
> > rpki-client: 
> > rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa:
> >  CRL has expired
> > 
> > -- 
> > :wq Claudio
> > 
> > Index: cert.c
> > ===
> > RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
> > retrieving revision 1.14
> > diff -u -p -r1.14 cert.c
> > --- cert.c  26 Feb 2020 02:35:08 -  1.14
> > +++ cert.c  1 Apr 2020 14:28:29 -
> > @@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *
> > ASN1_OBJECT *obj;
> > struct parse p;
> > BIO *bio = NULL, *shamd;
> > +   FILE*f;
> > EVP_MD  *md;
> > char mdbuf[EVP_MAX_MD_SIZE];
> >  
> > *xp = NULL;
> >  
> > -   if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> > +   if ((f = fopen(fn, "rb")) == NULL) {
> > +   warn("%s", fn);
> > +   return NULL;
> > +   }
> > +
> > +   if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
> > if (verbose > 0)
> > cryptowarnx("%s: BIO_new_file", fn);
> > return NULL;
> > Index: cms.c
> > ===
> > RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
> > retrieving revision 1.6
> > diff -u -p -r1.6 cms.c
> > --- cms.c   29 Nov 2019 05:14:11 -  1.6
> > +++ cms.c   1 Apr 2020 14:28:34 -
> > @@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char
> > ASN1_OCTET_STRING   **os = NULL;
> > BIO *bio = NULL, *shamd;
> > CMS_ContentInfo *cms;
> > +   FILE*f;
> > char buf[128], mdbuf[EVP_MAX_MD_SIZE];
> > int  rc = 0, sz;
> > STACK_OF(X509)  *certs = NULL;
> > @@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char
> >  * This is usually fopen() failure, so let it pass through to
> >  * the handler, which will in turn ignore the entity.
> >  */
> > +   if ((f = fopen(fn, "rb")) == NULL) {
> > +   warn("%s", fn);
> > +   return NULL;
> > +   }
> >  
> > -   if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> > -   if (verbose > 0)
> > -   cryptowarnx("%s: BIO_new_file", fn);
> > +   if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
> > +   cryptowarnx("%s: BIO_new_fp", fn);
> > return NULL;
> > }
> >  
> > Index: crl.c
> > ===
> > RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
> > retrieving revision 1.7
> > diff -u -p -r1.7 crl.c
> > --- crl.c   29 Nov 2019 04:40:04 -  1.7
> > +++ crl.c   1 Apr 2020 14:28:41 -
> > @@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned
> > int  rc = 0, sz;
> > X509_CRL*x = NULL;
> > BIO *bio = NULL, *shamd;
> > +   FILE*f;
> > EVP_MD  *md;
> > char mdbuf[EVP_MAX_MD_SIZE];
> >  
> > -   if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> > +   if ((f = fopen(fn, "rb")) == NULL) {
> > +   warn("%s", fn);
> > +   return NULL;
> > +   }
> > +
> > +   if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {

Re: rpki-client and non-existing files

2020-04-01 Thread Sebastian Benoit
ok

you remove the "if (verbose > 0)" in the cms_parse_validate() case on
purpose?

Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.04.01 16:33:44 +0200:
> On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote:
> > Currently rpki-client logs missing files like this:
> > 
> > rpki-client:  ...trace: error:02FFF002:system library:func(4095):No such 
> > file or directory
> > rpki-client:  ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such 
> > file
> > rpki-client: 
> > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: 
> > BIO_new_file
> > 
> > Yes, you need to read the errors in reverse and even then the errors are
> > just hard to read.
> > 
> > This ugly format is mostly to blame on the error stack of OpenSSL.
> > As a workaround I switched to using fopen() and then BIO_new_fd()
> > which does the same thing but allows me to get a nice error from fopen():
> > 
> > rpki-client: 
> > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen: 
> > No such file or directory
> > 
> > Any opinions?
> 
> This diff removes the fopen: from the warn string:
> 
> rpki-client: 
> rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such 
> file or directory
> 
> This is more in form with e.g.
> 
> rpki-client: 
> rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa:
>  CRL has expired
> 
> -- 
> :wq Claudio
> 
> Index: cert.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
> retrieving revision 1.14
> diff -u -p -r1.14 cert.c
> --- cert.c26 Feb 2020 02:35:08 -  1.14
> +++ cert.c1 Apr 2020 14:28:29 -
> @@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *
>   ASN1_OBJECT *obj;
>   struct parse p;
>   BIO *bio = NULL, *shamd;
> + FILE*f;
>   EVP_MD  *md;
>   char mdbuf[EVP_MAX_MD_SIZE];
>  
>   *xp = NULL;
>  
> - if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> + if ((f = fopen(fn, "rb")) == NULL) {
> + warn("%s", fn);
> + return NULL;
> + }
> +
> + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
>   if (verbose > 0)
>   cryptowarnx("%s: BIO_new_file", fn);
>   return NULL;
> Index: cms.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
> retrieving revision 1.6
> diff -u -p -r1.6 cms.c
> --- cms.c 29 Nov 2019 05:14:11 -  1.6
> +++ cms.c 1 Apr 2020 14:28:34 -
> @@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char
>   ASN1_OCTET_STRING   **os = NULL;
>   BIO *bio = NULL, *shamd;
>   CMS_ContentInfo *cms;
> + FILE*f;
>   char buf[128], mdbuf[EVP_MAX_MD_SIZE];
>   int  rc = 0, sz;
>   STACK_OF(X509)  *certs = NULL;
> @@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char
>* This is usually fopen() failure, so let it pass through to
>* the handler, which will in turn ignore the entity.
>*/
> + if ((f = fopen(fn, "rb")) == NULL) {
> + warn("%s", fn);
> + return NULL;
> + }
>  
> - if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> - if (verbose > 0)
> - cryptowarnx("%s: BIO_new_file", fn);
> + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
> + cryptowarnx("%s: BIO_new_fp", fn);
>   return NULL;
>   }
>  
> Index: crl.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
> retrieving revision 1.7
> diff -u -p -r1.7 crl.c
> --- crl.c 29 Nov 2019 04:40:04 -  1.7
> +++ crl.c 1 Apr 2020 14:28:41 -
> @@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned
>   int  rc = 0, sz;
>   X509_CRL*x = NULL;
>   BIO *bio = NULL, *shamd;
> + FILE*f;
>   EVP_MD  *md;
>   char mdbuf[EVP_MAX_MD_SIZE];
>  
> - if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> + if ((f = fopen(fn, "rb")) == NULL) {
> + warn("%s", fn);
> + return NULL;
> + }
> +
> + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
>   if (verbose > 0)
>   cryptowarnx("%s: BIO_new_file", fn);
>   return NULL;
> 



Re: rpki-client and non-existing files

2020-04-01 Thread Claudio Jeker
On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote:
> Currently rpki-client logs missing files like this:
> 
> rpki-client:  ...trace: error:02FFF002:system library:func(4095):No such file 
> or directory
> rpki-client:  ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such 
> file
> rpki-client: 
> rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: 
> BIO_new_file
> 
> Yes, you need to read the errors in reverse and even then the errors are
> just hard to read.
> 
> This ugly format is mostly to blame on the error stack of OpenSSL.
> As a workaround I switched to using fopen() and then BIO_new_fd()
> which does the same thing but allows me to get a nice error from fopen():
> 
> rpki-client: 
> rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen: 
> No such file or directory
> 
> Any opinions?

This diff removes the fopen: from the warn string:

rpki-client: 
rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such 
file or directory

This is more in form with e.g.

rpki-client: 
rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa:
 CRL has expired

-- 
:wq Claudio

Index: cert.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.14
diff -u -p -r1.14 cert.c
--- cert.c  26 Feb 2020 02:35:08 -  1.14
+++ cert.c  1 Apr 2020 14:28:29 -
@@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *
ASN1_OBJECT *obj;
struct parse p;
BIO *bio = NULL, *shamd;
+   FILE*f;
EVP_MD  *md;
char mdbuf[EVP_MAX_MD_SIZE];
 
*xp = NULL;
 
-   if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+   if ((f = fopen(fn, "rb")) == NULL) {
+   warn("%s", fn);
+   return NULL;
+   }
+
+   if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
if (verbose > 0)
cryptowarnx("%s: BIO_new_file", fn);
return NULL;
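Review bot: the BIO_new_fp() failure branch in this hunk still logs "%s: BIO_new_file", so a failure there would be reported under the name of the call this diff removes; change the string to "BIO_new_fp", as the cms.c hunk does. The same branch also leaks the stream: BIO_CLOSE only binds the FILE to the BIO once BIO_new_fp() has succeeded, so on its NULL return add `fclose(f);` before `return NULL;`.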
Index: cms.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
retrieving revision 1.6
diff -u -p -r1.6 cms.c
--- cms.c   29 Nov 2019 05:14:11 -  1.6
+++ cms.c   1 Apr 2020 14:28:34 -
@@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char
ASN1_OCTET_STRING   **os = NULL;
BIO *bio = NULL, *shamd;
CMS_ContentInfo *cms;
+   FILE*f;
char buf[128], mdbuf[EVP_MAX_MD_SIZE];
int  rc = 0, sz;
STACK_OF(X509)  *certs = NULL;
@@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char
 * This is usually fopen() failure, so let it pass through to
 * the handler, which will in turn ignore the entity.
 */
+   if ((f = fopen(fn, "rb")) == NULL) {
+   warn("%s", fn);
+   return NULL;
+   }
 
-   if ((bio = BIO_new_file(fn, "rb")) == NULL) {
-   if (verbose > 0)
-   cryptowarnx("%s: BIO_new_file", fn);
+   if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
+   cryptowarnx("%s: BIO_new_fp", fn);
return NULL;
}
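Review bot: the retained comment above the new fopen() block ("This is usually fopen() failure, so let it pass through to the handler ...") no longer describes the code: the fopen() case is now handled explicitly with warn() and a return, and the BIO_new_fp() branch below it cannot be an fopen() failure any more, so reword or move the comment. The BIO_new_fp() branch also needs `fclose(f);` before `return NULL;`, since BIO_CLOSE takes effect only on success. This hunk additionally drops the `if (verbose > 0)` gate around cryptowarnx() while the cert.c and crl.c hunks keep theirs; if the intent is that a failed run always says why, the three files should agree.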
 
Index: crl.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
retrieving revision 1.7
diff -u -p -r1.7 crl.c
--- crl.c   29 Nov 2019 04:40:04 -  1.7
+++ crl.c   1 Apr 2020 14:28:41 -
@@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned
int  rc = 0, sz;
X509_CRL*x = NULL;
BIO *bio = NULL, *shamd;
+   FILE*f;
EVP_MD  *md;
char mdbuf[EVP_MAX_MD_SIZE];
 
-   if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+   if ((f = fopen(fn, "rb")) == NULL) {
+   warn("%s", fn);
+   return NULL;
+   }
+
+   if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
if (verbose > 0)
cryptowarnx("%s: BIO_new_file", fn);
return NULL;
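Review bot: two things in the BIO_new_fp() error path of this crl.c hunk: the cryptowarnx() string still names BIO_new_file although the call is now BIO_new_fp(), and `f` is never closed on that path (BIO_CLOSE only matters once a BIO owns the FILE), so the open stream leaks each time the wrap fails. Rename the string and add `fclose(f);` ahead of the `return NULL;`.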



rpki-client and non-existing files

2020-04-01 Thread Claudio Jeker
Currently rpki-client logs missing files like this:

rpki-client:  ...trace: error:02FFF002:system library:func(4095):No such file 
or directory
rpki-client:  ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such file
rpki-client: 
rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: 
BIO_new_file

Yes, you need to read the errors in reverse and even then the errors are
just hard to read.

This ugly format is mostly to blame on the error stack of OpenSSL.
As a workaround I switched to using fopen() and then BIO_new_fd()
which does the same thing but allows me to get a nice error from fopen():

rpki-client: 
rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen: No 
such file or directory

Any opinions?
-- 
:wq Claudio

Index: cert.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.14
diff -u -p -r1.14 cert.c
--- cert.c  26 Feb 2020 02:35:08 -  1.14
+++ cert.c  30 Mar 2020 11:40:28 -
@@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *
ASN1_OBJECT *obj;
struct parse p;
BIO *bio = NULL, *shamd;
+   FILE*f;
EVP_MD  *md;
char mdbuf[EVP_MAX_MD_SIZE];
 
*xp = NULL;
 
-   if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+   if ((f = fopen(fn, "rb")) == NULL) {
+   warn("%s: fopen", fn);
+   return NULL;
+   }
+
+   if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
if (verbose > 0)
cryptowarnx("%s: BIO_new_file", fn);
return NULL;
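Review bot: when BIO_new_fp() returns NULL in this hunk, `f` is still owned by the caller (BIO_CLOSE only hands the FILE over on success), so `fclose(f);` is needed before `return NULL;` or the descriptor leaks. The message in that branch also still says "BIO_new_file" and should name BIO_new_fp(). On the fopen() branch, warn() already appends strerror(errno), so the ": fopen" suffix contributes only the call name and could be dropped to match the other one-line warnings.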
Index: cms.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
retrieving revision 1.6
diff -u -p -r1.6 cms.c
--- cms.c   29 Nov 2019 05:14:11 -  1.6
+++ cms.c   30 Mar 2020 11:40:23 -
@@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char
ASN1_OCTET_STRING   **os = NULL;
BIO *bio = NULL, *shamd;
CMS_ContentInfo *cms;
+   FILE*f;
char buf[128], mdbuf[EVP_MAX_MD_SIZE];
int  rc = 0, sz;
STACK_OF(X509)  *certs = NULL;
@@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char
 * This is usually fopen() failure, so let it pass through to
 * the handler, which will in turn ignore the entity.
 */
+   if ((f = fopen(fn, "rb")) == NULL) {
+   warn("%s: fopen", fn);
+   return NULL;
+   }
 
-   if ((bio = BIO_new_file(fn, "rb")) == NULL) {
-   if (verbose > 0)
-   cryptowarnx("%s: BIO_new_file", fn);
+   if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
+   cryptowarnx("%s: BIO_new_fp", fn);
return NULL;
}
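Review bot: the comment kept above the inserted fopen() block says the failure is "usually fopen() failure" that should "pass through to the handler", but the new code warn()s and returns on fopen() failure itself and the BIO_new_fp() check below is a different failure; update the comment to describe the branch it now precedes. The BIO_new_fp() branch should also `fclose(f);` before returning, because BIO_CLOSE applies only to a BIO that was actually created. Finally, removing `if (verbose > 0)` here makes cms.c report unconditionally while the cert.c and crl.c hunks still gate on verbose; either is defensible, but the three should be consistent.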
 
Index: crl.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
retrieving revision 1.7
diff -u -p -r1.7 crl.c
--- crl.c   29 Nov 2019 04:40:04 -  1.7
+++ crl.c   30 Mar 2020 11:40:32 -
@@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned
int  rc = 0, sz;
X509_CRL*x = NULL;
BIO *bio = NULL, *shamd;
+   FILE*f;
EVP_MD  *md;
char mdbuf[EVP_MAX_MD_SIZE];
 
-   if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+   if ((f = fopen(fn, "rb")) == NULL) {
+   warn("%s: fopen", fn);
+   return NULL;
+   }
+
+   if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
if (verbose > 0)
cryptowarnx("%s: BIO_new_file", fn);
return NULL;
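Review bot: the BIO_new_fp() failure branch of this crl.c hunk keeps the old "%s: BIO_new_file" text and does not close `f`; since BIO_CLOSE only transfers ownership once BIO_new_fp() succeeds, the stream leaks on that path. Change the string to "BIO_new_fp" and add `fclose(f);` before `return NULL;`.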
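Claudio's message above explains why the diff opens entities with fopen() first and only then wraps the stream: the errno from fopen() gives a single readable line, whereas the OpenSSL error stack has to be read backwards. The following is an added example, not rpki-client code and not from this thread, showing that pattern together with the ownership rule the diff has to respect: a wrapper that takes a FILE with a close flag owns it only on success, so the caller must fclose() it when the wrap fails. To build without libcrypto, `struct src`, `src_new_fp()`, `src_free()` and `SRC_CLOSE` are constructed stand-ins for BIO, BIO_new_fp(), BIO_free() and BIO_CLOSE; `src_fail_next` is a constructed hook to force the wrap to fail, and the sample file and paths are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for OpenSSL's BIO_CLOSE flag. */
#define SRC_CLOSE 1

/*
 * Constructed stand-in for a BIO wrapped around a FILE.  As with
 * BIO_new_fp(), the constructor takes ownership of the stream only
 * when it succeeds; on failure the caller still owns the FILE.
 */
struct src {
	FILE	*fp;
	int	 close_flag;
};

/* Constructed hook: set to 1 to make the next src_new_fp() fail. */
int src_fail_next = 0;

static struct src *
src_new_fp(FILE *fp, int close_flag)
{
	struct src *s;

	if (src_fail_next) {
		src_fail_next = 0;
		return NULL;		/* fp is untouched; caller owns it */
	}
	if ((s = malloc(sizeof(*s))) == NULL)
		return NULL;
	s->fp = fp;
	s->close_flag = close_flag;
	return s;
}

void
src_free(struct src *s)
{
	if (s == NULL)
		return;
	if (s->close_flag == SRC_CLOSE)
		fclose(s->fp);
	free(s);
}

/*
 * Open an entity the way the diff does: fopen() first, so a missing file
 * is reported as "fn: No such file or directory" from errno, then wrap the
 * stream.  errbuf receives the one-line message warn(3) would print.
 */
struct src *
entity_open(const char *fn, char *errbuf, size_t errlen)
{
	FILE *f;
	struct src *s;

	if ((f = fopen(fn, "rb")) == NULL) {
		snprintf(errbuf, errlen, "%s: %s", fn, strerror(errno));
		return NULL;
	}
	if ((s = src_new_fp(f, SRC_CLOSE)) == NULL) {
		/* Ownership did not transfer: close here or the FILE leaks. */
		fclose(f);
		snprintf(errbuf, errlen, "%s: src_new_fp", fn);
		return NULL;
	}
	errbuf[0] = '\0';
	return s;
}

/* Number of bytes readable through the wrapped stream. */
long
entity_size(struct src *s)
{
	long n = 0;

	while (fgetc(s->fp) != EOF)
		n++;
	return n;
}

/* Write a constructed sample file so the example runs offline; 0 on success. */
int
write_sample(const char *fn, const char *data)
{
	FILE *f;

	if ((f = fopen(fn, "wb")) == NULL)
		return -1;
	fputs(data, f);
	return fclose(f);
}

int
main(void)
{
	char err[512];
	struct src *s;

	/* Constructed path that does not exist: one readable line, errno-based. */
	if (entity_open("no-such-dir/missing.mft", err, sizeof(err)) == NULL)
		printf("rpki-client: %s\n", err);

	write_sample("sample.mft", "constructed manifest bytes");
	if ((s = entity_open("sample.mft", err, sizeof(err))) != NULL) {
		printf("sample.mft: %ld bytes\n", entity_size(s));
		src_free(s);	/* SRC_CLOSE: this also closes the FILE */
	}
	remove("sample.mft");
	return 0;
}
```

The second failure path is the one worth remembering when reviewing the diff: after a successful fopen(), every early return until the wrapper has accepted the stream must close it, otherwise each entity that fails to wrap costs a file descriptor for the rest of the run.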