Re: rpki-client and non-existing files
Claudio Jeker wrote:
> On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote:
> > Currently rpki-client logs missing files like this:
> >
> > rpki-client: ...trace: error:02FFF002:system library:func(4095):No such
> > file or directory
> > rpki-client: ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such
> > file
> > rpki-client:
> > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft:
> > BIO_new_file
> >
> > Yes, you need to read the errors in reverse and even then the errors are
> > just hard to read.
> >
> > This ugly format is mostly to blame on the error stack of OpenSSL.
> > As a workaround I switched to using fopen() and then BIO_new_fd()
> > which does the same thing but allows me to get a nice error from fopen():
> >
> > rpki-client:
> > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen:
> > No such file or directory
> >
> > Any opinions?
>
> This diff removes the fopen: from the warn string:
>
> rpki-client:
> rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such
> file or directory
>
> This is more in form with e.g.
>
> rpki-client:
> rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa:
> CRL has expired

thank you, it was driving me crazy.
Re: rpki-client and non-existing files
On Wed, Apr 01, 2020 at 09:42:42PM +0200, Sebastian Benoit wrote:
> ok
>
> you remove the "if (verbose > 0)" in the cms_parse_validate() case on
> purpose?

Yes, since we use rpki-client in cron with the magic -n prefix it would be
nice to have enough verbosity to know why the process failed without having
to run rpki-client -v. So I kind of walked back from the rpki-client must be
silent by default unless a bad error happens case.

> Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.04.01 16:33:44 +0200:
> > On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote:
> > > Currently rpki-client logs missing files like this:
> > >
> > > rpki-client: ...trace: error:02FFF002:system library:func(4095):No such
> > > file or directory
> > > rpki-client: ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no
> > > such file
> > > rpki-client:
> > > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft:
> > > BIO_new_file
> > >
> > > Yes, you need to read the errors in reverse and even then the errors are
> > > just hard to read.
> > >
> > > This ugly format is mostly to blame on the error stack of OpenSSL.
> > > As a workaround I switched to using fopen() and then BIO_new_fd()
> > > which does the same thing but allows me to get a nice error from fopen():
> > >
> > > rpki-client:
> > > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft:
> > > fopen: No such file or directory
> > >
> > > Any opinions?
> >
> > This diff removes the fopen: from the warn string:
> >
> > rpki-client:
> > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No
> > such file or directory
> >
> > This is more in form with e.g.
> > > > rpki-client: > > rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa: > > CRL has expired > > > > -- > > :wq Claudio > > > > Index: cert.c > > === > > RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v > > retrieving revision 1.14 > > diff -u -p -r1.14 cert.c > > --- cert.c 26 Feb 2020 02:35:08 - 1.14 > > +++ cert.c 1 Apr 2020 14:28:29 - > > @@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char * > > ASN1_OBJECT *obj; > > struct parse p; > > BIO *bio = NULL, *shamd; > > + FILE*f; > > EVP_MD *md; > > char mdbuf[EVP_MAX_MD_SIZE]; > > > > *xp = NULL; > > > > - if ((bio = BIO_new_file(fn, "rb")) == NULL) { > > + if ((f = fopen(fn, "rb")) == NULL) { > > + warn("%s", fn); > > + return NULL; > > + } > > + > > + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { > > if (verbose > 0) > > cryptowarnx("%s: BIO_new_file", fn); > > return NULL; > > Index: cms.c > > === > > RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v > > retrieving revision 1.6 > > diff -u -p -r1.6 cms.c > > --- cms.c 29 Nov 2019 05:14:11 - 1.6 > > +++ cms.c 1 Apr 2020 14:28:34 - > > @@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char > > ASN1_OCTET_STRING **os = NULL; > > BIO *bio = NULL, *shamd; > > CMS_ContentInfo *cms; > > + FILE*f; > > char buf[128], mdbuf[EVP_MAX_MD_SIZE]; > > int rc = 0, sz; > > STACK_OF(X509) *certs = NULL; 
> > @@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char > > * This is usually fopen() failure, so let it pass through to > > * the handler, which will in turn ignore the entity. > > */ > > + if ((f = fopen(fn, "rb")) == NULL) { > > + warn("%s", fn); > > + return NULL; > > + } > > > > - if ((bio = BIO_new_file(fn, "rb")) == NULL) { > > - if (verbose > 0) > > - cryptowarnx("%s: BIO_new_file", fn); > > + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { > > + cryptowarnx("%s: BIO_new_fp", fn); > > return NULL; > > } > > > > Index: crl.c > > === > > RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v > > retrieving revision 1.7 > > diff -u -p -r1.7 crl.c > > --- crl.c 29 Nov 2019 04:40:04 - 1.7 > > +++ crl.c 1 Apr 2020 14:28:41 - > > @@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned > > int rc = 0, sz; > > X509_CRL*x = NULL; > > BIO *bio = NULL, *shamd; > > + FILE*f; > > EVP_MD *md; > > char mdbuf[EVP_MAX_MD_SIZE]; > > > > - if ((bio = BIO_new_file(fn, "rb")) == NULL) { > > + if ((f = fopen(fn, "rb")) == NULL) { > > + warn("%s", fn); > > + return NULL; > > + } > > + > > + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
Re: rpki-client and non-existing files
ok you remove the "if (verbose > 0)" in the cms_parse_validate() case on purpose? Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.04.01 16:33:44 +0200: > On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote: > > Currently rpki-client logs missing files like this: > > > > rpki-client: ...trace: error:02FFF002:system library:func(4095):No such > > file or directory > > rpki-client: ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such > > file > > rpki-client: > > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: > > BIO_new_file > > > > Yes, you need to read the errors in reverse and even then the errors are > > just hard to read. > > > > This ugly format is mostly to blame on the error stack of OpenSSL. > > As a workaround I switched to using fopen() and then BIO_new_fd() > > which does the same thing but allows me to get a nice error from fopen(): > > > > rpki-client: > > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen: > > No such file or directory > > > > Any opinions? > > This diff removes the fopen: from the warn string: > > rpki-client: > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such > file or directory > > This is more in form with e.g. > > rpki-client: > rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa: > CRL has expired > > -- > :wq Claudio > > Index: cert.c > === > RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v > retrieving revision 1.14 > diff -u -p -r1.14 cert.c > --- cert.c26 Feb 2020 02:35:08 - 1.14 > +++ cert.c1 Apr 2020 14:28:29 - 
> @@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char * > ASN1_OBJECT *obj; > struct parse p; > BIO *bio = NULL, *shamd; > + FILE*f; > EVP_MD *md; > char mdbuf[EVP_MAX_MD_SIZE]; > > *xp = NULL; > > - if ((bio = BIO_new_file(fn, "rb")) == NULL) { > + if ((f = fopen(fn, "rb")) == NULL) { > + warn("%s", fn); > + return NULL; > + } > + > + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { > if (verbose > 0) > cryptowarnx("%s: BIO_new_file", fn); > return NULL; > Index: cms.c > === > RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v > retrieving revision 1.6 > diff -u -p -r1.6 cms.c > --- cms.c 29 Nov 2019 05:14:11 - 1.6 > +++ cms.c 1 Apr 2020 14:28:34 - > @@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char > ASN1_OCTET_STRING **os = NULL; > BIO *bio = NULL, *shamd; > CMS_ContentInfo *cms; > + FILE*f; > char buf[128], mdbuf[EVP_MAX_MD_SIZE]; > int rc = 0, sz; > STACK_OF(X509) *certs = NULL; > @@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char >* This is usually fopen() failure, so let it pass through to >* the handler, which will in turn ignore the entity. >*/ > + if ((f = fopen(fn, "rb")) == NULL) { > + warn("%s", fn); > + return NULL; > + } > > - if ((bio = BIO_new_file(fn, "rb")) == NULL) { > - if (verbose > 0) > - cryptowarnx("%s: BIO_new_file", fn); > + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { > + cryptowarnx("%s: BIO_new_fp", fn); > return NULL; > } > > Index: crl.c > === > RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v > retrieving revision 1.7 > diff -u -p -r1.7 crl.c > --- crl.c 29 Nov 2019 04:40:04 - 1.7 > +++ crl.c 1 Apr 2020 14:28:41 - 
> @@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned > int rc = 0, sz; > X509_CRL*x = NULL; > BIO *bio = NULL, *shamd; > + FILE*f; > EVP_MD *md; > char mdbuf[EVP_MAX_MD_SIZE]; > > - if ((bio = BIO_new_file(fn, "rb")) == NULL) { > + if ((f = fopen(fn, "rb")) == NULL) { > + warn("%s", fn); > + return NULL; > + } > + > + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { > if (verbose > 0) > cryptowarnx("%s: BIO_new_file", fn); > return NULL; >
Re: rpki-client and non-existing files
On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote: > Currently rpki-client logs missing files like this: > > rpki-client: ...trace: error:02FFF002:system library:func(4095):No such file > or directory > rpki-client: ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such > file > rpki-client: > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: > BIO_new_file > > Yes, you need to read the errors in reverse and even then the errors are > just hard to read. > > This ugly format is mostly to blame on the error stack of OpenSSL. > As a workaround I switched to using fopen() and then BIO_new_fd() > which does the same thing but allows me to get a nice error from fopen(): > > rpki-client: > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen: > No such file or directory > > Any opinions? This diff removes the fopen: from the warn string: rpki-client: rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such file or directory This is more in form with e.g. rpki-client: rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa: CRL has expired -- :wq Claudio Index: cert.c === RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v retrieving revision 1.14 diff -u -p -r1.14 cert.c --- cert.c 26 Feb 2020 02:35:08 - 1.14 +++ cert.c 1 Apr 2020 14:28:29 - 
@@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char * ASN1_OBJECT *obj; struct parse p; BIO *bio = NULL, *shamd; + FILE*f; EVP_MD *md; char mdbuf[EVP_MAX_MD_SIZE]; *xp = NULL; - if ((bio = BIO_new_file(fn, "rb")) == NULL) { + if ((f = fopen(fn, "rb")) == NULL) { + warn("%s", fn); + return NULL; + } + + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { if (verbose > 0) cryptowarnx("%s: BIO_new_file", fn); return NULL; Index: cms.c === RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v retrieving revision 1.6 diff -u -p -r1.6 cms.c --- cms.c 29 Nov 2019 05:14:11 - 1.6 +++ cms.c 1 Apr 2020 14:28:34 - @@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char ASN1_OCTET_STRING **os = NULL; BIO *bio = NULL, *shamd; CMS_ContentInfo *cms; + FILE*f; char buf[128], mdbuf[EVP_MAX_MD_SIZE]; int rc = 0, sz; STACK_OF(X509) *certs = NULL; @@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char * This is usually fopen() failure, so let it pass through to * the handler, which will in turn ignore the entity. */ + if ((f = fopen(fn, "rb")) == NULL) { + warn("%s", fn); + return NULL; + } - if ((bio = BIO_new_file(fn, "rb")) == NULL) { - if (verbose > 0) - cryptowarnx("%s: BIO_new_file", fn); + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { + cryptowarnx("%s: BIO_new_fp", fn); return NULL; } Index: crl.c === RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v retrieving revision 1.7 diff -u -p -r1.7 crl.c --- crl.c 29 Nov 2019 04:40:04 - 1.7 +++ crl.c 1 Apr 2020 14:28:41 - @@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned int rc = 0, sz; X509_CRL*x = NULL; BIO *bio = NULL, *shamd; + FILE*f; EVP_MD *md; char mdbuf[EVP_MAX_MD_SIZE]; - if ((bio = BIO_new_file(fn, "rb")) == NULL) { + if ((f = fopen(fn, "rb")) == NULL) { + warn("%s", fn); + return NULL; + } + + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { if (verbose > 0) cryptowarnx("%s: BIO_new_file", fn); return NULL;
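
Review bot: in the cert.c hunk, the branch taken when BIO_new_fp(f, BIO_CLOSE) returns NULL goes straight to return NULL without closing f, so the stream opened by fopen() a few lines earlier leaks. BIO_CLOSE only makes the BIO responsible for the FILE once the BIO has been created. Add fclose(f) before the return in that branch; the cms.c and crl.c hunks follow the same pattern and need the same change.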
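
Review bot: in the cms.c hunk at -55,10 the "if (verbose > 0)" guard is removed from the BIO_new_fp failure path, while the cert.c and crl.c hunks keep the guard as unchanged context, so the three parsers now disagree on when this failure is logged. Either drop the guard in all three files or keep it here, and state the choice in the commit message. The block comment kept as context ("This is usually fopen() failure, so let it pass through to the handler") now sits directly above an explicit fopen() check and should be reworded to describe the new two-step open.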
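
Review bot: in the crl.c hunk the unchanged context line still calls cryptowarnx("%s: BIO_new_file", fn) although the failing call is now BIO_new_fp, so the log would name a function that is no longer used. The cert.c hunk has the same leftover, whereas cms.c was updated to "%s: BIO_new_fp". Change the string in both files so the message matches the call that failed.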