Re: rpki-client and non-existing files
Claudio Jeker wrote: > On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote: > > Currently rpki-client logs missing files like this: > > > > rpki-client: ...trace: error:02FFF002:system library:func(4095):No such > > file or directory > > rpki-client: ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such > > file > > rpki-client: > > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: > > BIO_new_file > > > > Yes, you need to read the errors in reverse and even then the errors are > > just hard to read. > > > > This ugly format is mostly to blame on the error stack of OpenSSL. > > As a workaround I switched to using fopen() and then BIO_new_fd() > > which does the same thing but allows me to get a nice error from fopen(): > > > > rpki-client: > > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen: > > No such file or directory > > > > Any opinions? > > This diff removes the fopen: from the warn string: > > rpki-client: > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such > file or directory > > This is more in form with e.g. > > rpki-client: > rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa: > CRL has expired thank you, it was driving me crazy.
Re: rpki-client and non-existing files
On Wed, Apr 01, 2020 at 09:42:42PM +0200, Sebastian Benoit wrote:
> ok
>
> you remove the "if (verbose > 0)" in the cms_parse_validate() case on
> purpose?
Yes, since we use rpki-client in cron with the magic -n prefix it would be
nice to have enough verbosity to know why the process failed without
having to run rpki-client -v. So I kind of walked back from the
rpki-client must be silent by default unless a bad error happens case.
> Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.04.01 16:33:44 +0200:
> > On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote:
> > > Currently rpki-client logs missing files like this:
> > >
> > > rpki-client: ...trace: error:02FFF002:system library:func(4095):No such
> > > file or directory
> > > rpki-client: ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no
> > > such file
> > > rpki-client:
> > > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft:
> > > BIO_new_file
> > >
> > > Yes, you need to read the errors in reverse and even then the errors are
> > > just hard to read.
> > >
> > > This ugly format is mostly to blame on the error stack of OpenSSL.
> > > As a workaround I switched to using fopen() and then BIO_new_fd()
> > > which does the same thing but allows me to get a nice error from fopen():
> > >
> > > rpki-client:
> > > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft:
> > > fopen: No such file or directory
> > >
> > > Any opinions?
> >
> > This diff removes the fopen: from the warn string:
> >
> > rpki-client:
> > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No
> > such file or directory
> >
> > This is more in form with e.g.
> >
> > rpki-client:
> > rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa:
> > CRL has expired
> >
> > --
> > :wq Claudio
> >
> > Index: cert.c
> > ===
> > RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
> > retrieving revision 1.14
> > diff -u -p -r1.14 cert.c
> > --- cert.c 26 Feb 2020 02:35:08 - 1.14
> > +++ cert.c 1 Apr 2020 14:28:29 -
> > @@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *
> > ASN1_OBJECT *obj;
> > struct parse p;
> > BIO *bio = NULL, *shamd;
> > + FILE*f;
> > EVP_MD *md;
> > char mdbuf[EVP_MAX_MD_SIZE];
> >
> > *xp = NULL;
> >
> > - if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> > + if ((f = fopen(fn, "rb")) == NULL) {
> > + warn("%s", fn);
> > + return NULL;
> > + }
> > +
> > + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
> > if (verbose > 0)
> > cryptowarnx("%s: BIO_new_file", fn);
> > return NULL;
> > Index: cms.c
> > ===
> > RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
> > retrieving revision 1.6
> > diff -u -p -r1.6 cms.c
> > --- cms.c 29 Nov 2019 05:14:11 - 1.6
> > +++ cms.c 1 Apr 2020 14:28:34 -
> > @@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char
> > ASN1_OCTET_STRING **os = NULL;
> > BIO *bio = NULL, *shamd;
> > CMS_ContentInfo *cms;
> > + FILE*f;
> > char buf[128], mdbuf[EVP_MAX_MD_SIZE];
> > int rc = 0, sz;
> > STACK_OF(X509) *certs = NULL;
> > @@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char
> > * This is usually fopen() failure, so let it pass through to
> > * the handler, which will in turn ignore the entity.
> > */
> > + if ((f = fopen(fn, "rb")) == NULL) {
> > + warn("%s", fn);
> > + return NULL;
> > + }
> >
> > - if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> > - if (verbose > 0)
> > - cryptowarnx("%s: BIO_new_file", fn);
> > + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
> > + cryptowarnx("%s: BIO_new_fp", fn);
> > return NULL;
> > }
> >
> > Index: crl.c
> > ===
> > RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
> > retrieving revision 1.7
> > diff -u -p -r1.7 crl.c
> > --- crl.c 29 Nov 2019 04:40:04 - 1.7
> > +++ crl.c 1 Apr 2020 14:28:41 -
> > @@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned
> > int rc = 0, sz;
> > X509_CRL*x = NULL;
> > BIO *bio = NULL, *shamd;
> > + FILE*f;
> > EVP_MD *md;
> > char mdbuf[EVP_MAX_MD_SIZE];
> >
> > - if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> > + if ((f = fopen(fn, "rb")) == NULL) {
> > + warn("%s", fn);
> > + return NULL;
> > + }
> > +
> > + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
Re: rpki-client and non-existing files
ok
you remove the "if (verbose > 0)" in the cms_parse_validate() case on
purpose?
Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.04.01 16:33:44 +0200:
> On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote:
> > Currently rpki-client logs missing files like this:
> >
> > rpki-client: ...trace: error:02FFF002:system library:func(4095):No such
> > file or directory
> > rpki-client: ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such
> > file
> > rpki-client:
> > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft:
> > BIO_new_file
> >
> > Yes, you need to read the errors in reverse and even then the errors are
> > just hard to read.
> >
> > This ugly format is mostly to blame on the error stack of OpenSSL.
> > As a workaround I switched to using fopen() and then BIO_new_fd()
> > which does the same thing but allows me to get a nice error from fopen():
> >
> > rpki-client:
> > rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen:
> > No such file or directory
> >
> > Any opinions?
>
> This diff removes the fopen: from the warn string:
>
> rpki-client:
> rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such
> file or directory
>
> This is more in form with e.g.
>
> rpki-client:
> rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa:
> CRL has expired
>
> --
> :wq Claudio
>
> Index: cert.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
> retrieving revision 1.14
> diff -u -p -r1.14 cert.c
> --- cert.c26 Feb 2020 02:35:08 - 1.14
> +++ cert.c1 Apr 2020 14:28:29 -
> @@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *
> ASN1_OBJECT *obj;
> struct parse p;
> BIO *bio = NULL, *shamd;
> + FILE*f;
> EVP_MD *md;
> char mdbuf[EVP_MAX_MD_SIZE];
>
> *xp = NULL;
>
> - if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> + if ((f = fopen(fn, "rb")) == NULL) {
> + warn("%s", fn);
> + return NULL;
> + }
> +
> + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
> if (verbose > 0)
> cryptowarnx("%s: BIO_new_file", fn);
> return NULL;
> Index: cms.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
> retrieving revision 1.6
> diff -u -p -r1.6 cms.c
> --- cms.c 29 Nov 2019 05:14:11 - 1.6
> +++ cms.c 1 Apr 2020 14:28:34 -
> @@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char
> ASN1_OCTET_STRING **os = NULL;
> BIO *bio = NULL, *shamd;
> CMS_ContentInfo *cms;
> + FILE*f;
> char buf[128], mdbuf[EVP_MAX_MD_SIZE];
> int rc = 0, sz;
> STACK_OF(X509) *certs = NULL;
> @@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char
>* This is usually fopen() failure, so let it pass through to
>* the handler, which will in turn ignore the entity.
>*/
> + if ((f = fopen(fn, "rb")) == NULL) {
> + warn("%s", fn);
> + return NULL;
> + }
>
> - if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> - if (verbose > 0)
> - cryptowarnx("%s: BIO_new_file", fn);
> + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
> + cryptowarnx("%s: BIO_new_fp", fn);
> return NULL;
> }
>
> Index: crl.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
> retrieving revision 1.7
> diff -u -p -r1.7 crl.c
> --- crl.c 29 Nov 2019 04:40:04 - 1.7
> +++ crl.c 1 Apr 2020 14:28:41 -
> @@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned
> int rc = 0, sz;
> X509_CRL*x = NULL;
> BIO *bio = NULL, *shamd;
> + FILE*f;
> EVP_MD *md;
> char mdbuf[EVP_MAX_MD_SIZE];
>
> - if ((bio = BIO_new_file(fn, "rb")) == NULL) {
> + if ((f = fopen(fn, "rb")) == NULL) {
> + warn("%s", fn);
> + return NULL;
> + }
> +
> + if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
> if (verbose > 0)
> cryptowarnx("%s: BIO_new_file", fn);
> return NULL;
>
Re: rpki-client and non-existing files
On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote:
> Currently rpki-client logs missing files like this:
>
> rpki-client: ...trace: error:02FFF002:system library:func(4095):No such file
> or directory
> rpki-client: ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such
> file
> rpki-client:
> rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft:
> BIO_new_file
>
> Yes, you need to read the errors in reverse and even then the errors are
> just hard to read.
>
> This ugly format is mostly to blame on the error stack of OpenSSL.
> As a workaround I switched to using fopen() and then BIO_new_fd()
> which does the same thing but allows me to get a nice error from fopen():
>
> rpki-client:
> rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen:
> No such file or directory
>
> Any opinions?
This diff removes the fopen: from the warn string:
rpki-client:
rpki.cnnic.cn/rpki/A9162E3D/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such
file or directory
This is more in form with e.g.
rpki-client:
rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa:
CRL has expired
--
:wq Claudio
Index: cert.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.14
diff -u -p -r1.14 cert.c
--- cert.c 26 Feb 2020 02:35:08 - 1.14
+++ cert.c 1 Apr 2020 14:28:29 -
@@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *
ASN1_OBJECT *obj;
struct parse p;
BIO *bio = NULL, *shamd;
+ FILE*f;
EVP_MD *md;
char mdbuf[EVP_MAX_MD_SIZE];
*xp = NULL;
- if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+ if ((f = fopen(fn, "rb")) == NULL) {
+ warn("%s", fn);
+ return NULL;
+ }
+
+ if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
if (verbose > 0)
cryptowarnx("%s: BIO_new_file", fn);
return NULL;
Index: cms.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
retrieving revision 1.6
diff -u -p -r1.6 cms.c
--- cms.c 29 Nov 2019 05:14:11 - 1.6
+++ cms.c 1 Apr 2020 14:28:34 -
@@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char
ASN1_OCTET_STRING **os = NULL;
BIO *bio = NULL, *shamd;
CMS_ContentInfo *cms;
+ FILE*f;
char buf[128], mdbuf[EVP_MAX_MD_SIZE];
int rc = 0, sz;
STACK_OF(X509) *certs = NULL;
@@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char
* This is usually fopen() failure, so let it pass through to
* the handler, which will in turn ignore the entity.
*/
+ if ((f = fopen(fn, "rb")) == NULL) {
+ warn("%s", fn);
+ return NULL;
+ }
- if ((bio = BIO_new_file(fn, "rb")) == NULL) {
- if (verbose > 0)
- cryptowarnx("%s: BIO_new_file", fn);
+ if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
+ cryptowarnx("%s: BIO_new_fp", fn);
return NULL;
}
Index: crl.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
retrieving revision 1.7
diff -u -p -r1.7 crl.c
--- crl.c 29 Nov 2019 04:40:04 - 1.7
+++ crl.c 1 Apr 2020 14:28:41 -
@@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned
int rc = 0, sz;
X509_CRL*x = NULL;
BIO *bio = NULL, *shamd;
+ FILE*f;
EVP_MD *md;
char mdbuf[EVP_MAX_MD_SIZE];
- if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+ if ((f = fopen(fn, "rb")) == NULL) {
+ warn("%s", fn);
+ return NULL;
+ }
+
+ if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
if (verbose > 0)
cryptowarnx("%s: BIO_new_file", fn);
return NULL;
