Currently rpki-client logs missing files like this: rpki-client: ...trace: error:02FFF002:system library:func(4095):No such file or directory rpki-client: ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such file rpki-client: rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: BIO_new_file
Yes, you need to read the errors in reverse and even then the errors are just hard to read. This ugly format is mostly to blame on the error stack of OpenSSL. As a workaround I switched to using fopen() and then BIO_new_fd() which does the same thing but allows me to get a nice error from fopen(): rpki-client: rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen: No such file or directory Any opinions? -- :wq Claudio
Index: cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.14
diff -u -p -r1.14 cert.c
--- cert.c 26 Feb 2020 02:35:08 -0000 1.14
+++ cert.c 30 Mar 2020 11:40:28 -0000
@@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *
 ASN1_OBJECT *obj;
 struct parse p;
 BIO *bio = NULL, *shamd;
+ FILE *f;
 EVP_MD *md;
 char mdbuf[EVP_MAX_MD_SIZE];
 *xp = NULL;
- if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+ if ((f = fopen(fn, "rb")) == NULL) {
+ warn("%s: fopen", fn);
+ return NULL;
+ }
+
+ if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
 if (verbose > 0)
 cryptowarnx("%s: BIO_new_file", fn);
 return NULL;
Index: cms.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
retrieving revision 1.6
diff -u -p -r1.6 cms.c
--- cms.c 29 Nov 2019 05:14:11 -0000 1.6
+++ cms.c 30 Mar 2020 11:40:23 -0000
@@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char
 ASN1_OCTET_STRING **os = NULL;
 BIO *bio = NULL, *shamd;
 CMS_ContentInfo *cms;
+ FILE *f;
 char buf[128], mdbuf[EVP_MAX_MD_SIZE];
 int rc = 0, sz;
 STACK_OF(X509) *certs = NULL;
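Review bot: In the cert.c hunk, when BIO_new_fp() returns NULL the FILE opened by the new fopen() is never closed, because BIO_CLOSE only transfers ownership of `f` to a BIO that was actually created. The error branch should call `fclose(f);` before `return NULL;`. The same branch in the cms.c (-55,10) and crl.c hunks has the same gap. BIO_new_fp() presumably fails only when allocation fails, so this is rare, but the parsers open one file per repository object and a descriptor leaked on each failure makes a low-memory condition worse. cert_parse_inner continues past the end of the hunk.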
@@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char
 * This is usually fopen() failure, so let it pass through to
 * the handler, which will in turn ignore the entity.
 */
+ if ((f = fopen(fn, "rb")) == NULL) {
+ warn("%s: fopen", fn);
+ return NULL;
+ }
- if ((bio = BIO_new_file(fn, "rb")) == NULL) {
- if (verbose > 0)
- cryptowarnx("%s: BIO_new_file", fn);
+ if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
+ cryptowarnx("%s: BIO_new_fp", fn);
 return NULL;
 }
Index: crl.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
retrieving revision 1.7
diff -u -p -r1.7 crl.c
--- crl.c 29 Nov 2019 04:40:04 -0000 1.7
+++ crl.c 30 Mar 2020 11:40:32 -0000
@@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned
 int rc = 0, sz;
 X509_CRL *x = NULL;
 BIO *bio = NULL, *shamd;
+ FILE *f;
 EVP_MD *md;
 char mdbuf[EVP_MAX_MD_SIZE];
- if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+ if ((f = fopen(fn, "rb")) == NULL) {
+ warn("%s: fopen", fn);
+ return NULL;
+ }
+
+ if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
 if (verbose > 0)
 cryptowarnx("%s: BIO_new_file", fn);
 return NULL;
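Review bot: The cms.c hunk at -55,10 drops the `if (verbose > 0)` guard from the BIO error path, while the cert.c and crl.c hunks keep it, so the three parsers now disagree on when a BIO failure is reported. The new `warn("%s: fopen", fn);` is also unconditional in all three files, where the message it replaces was only printed with verbose set. Since `fn` appears to name an object under a fetched repository tree, every object missing from a remote repository now produces a log line at default verbosity. If that is intended, a short comment saying so would help; if not, put `if (verbose > 0)` back in front of both warnings. cms_parse_validate begins before the hunk.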
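Review bot: In the crl.c hunk the diagnostic under the new BIO_new_fp() call still reads `cryptowarnx("%s: BIO_new_file", fn);`, naming a function that crl_parse no longer calls. The cert.c hunk has the same stale label, while cms.c was updated. Use `cryptowarnx("%s: BIO_new_fp", fn);` in both so the log names the call that actually failed. The body of crl_parse continues outside the hunk.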