Currently rpki-client logs missing files like this:

rpki-client:  ...trace: error:02FFF002:system library:func(4095):No such file 
or directory
rpki-client:  ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such file
rpki-client: 
rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: 
BIO_new_file

Yes, you need to read the errors in reverse and even then the errors are
just hard to read.

The error stack of OpenSSL is mostly to blame for this ugly format.
As a workaround I switched to using fopen() followed by BIO_new_fp(),
which does the same thing but allows me to get a nice error from fopen():

rpki-client: 
rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen: No 
such file or directory

Any opinions?
-- 
:wq Claudio

Index: cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.14
diff -u -p -r1.14 cert.c
--- cert.c      26 Feb 2020 02:35:08 -0000      1.14
+++ cert.c      30 Mar 2020 11:40:28 -0000
@@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *
        ASN1_OBJECT     *obj;
        struct parse     p;
        BIO             *bio = NULL, *shamd;
+       FILE            *f;
        EVP_MD          *md;
        char             mdbuf[EVP_MAX_MD_SIZE];
 
        *xp = NULL;
 
-       if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+       if ((f = fopen(fn, "rb")) == NULL) {
+               warn("%s: fopen", fn);
+               return NULL;
+       }
+
+       if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
                if (verbose > 0)
                        cryptowarnx("%s: BIO_new_file", fn);
                return NULL;
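Review bot: The FILE opened by `fopen()` is leaked when `BIO_new_fp()` fails, because `BIO_CLOSE` hands ownership of the stream to the BIO only once the BIO exists; the failure branch needs `fclose(f);` before its `return NULL;`. The cms.c and crl.c hunks have the same gap. rpki-client parses a large number of repository-supplied files in one run, so a descriptor leaked per failure is worth closing off even if `BIO_new_fp()` presumably fails only when allocation fails. The retained context line still logs `"%s: BIO_new_file"` here and in crl.c, which should become `"%s: BIO_new_fp"` as in cms.c so the message names the call that failed. The body of cert_parse_inner continues outside the hunk.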
Index: cms.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
retrieving revision 1.6
diff -u -p -r1.6 cms.c
--- cms.c       29 Nov 2019 05:14:11 -0000      1.6
+++ cms.c       30 Mar 2020 11:40:23 -0000
@@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char
        ASN1_OCTET_STRING       **os = NULL;
        BIO                     *bio = NULL, *shamd;
        CMS_ContentInfo         *cms;
+       FILE                    *f;
        char                     buf[128], mdbuf[EVP_MAX_MD_SIZE];
        int                      rc = 0, sz;
        STACK_OF(X509)          *certs = NULL;
@@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char
         * This is usually fopen() failure, so let it pass through to
         * the handler, which will in turn ignore the entity.
         */
+       if ((f = fopen(fn, "rb")) == NULL) {
+               warn("%s: fopen", fn);
+               return NULL;
+       }
 
-       if ((bio = BIO_new_file(fn, "rb")) == NULL) {
-               if (verbose > 0)
-                       cryptowarnx("%s: BIO_new_file", fn);
+       if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
+               cryptowarnx("%s: BIO_new_fp", fn);
                return NULL;
        }
 
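Review bot: The comment kept above this code says the failure "is usually fopen() failure", which after the split describes only the new `fopen()` check and no longer the `BIO_new_fp()` branch below it. I would reword it for the first check and give the second its own line, for example `/* fopen() errors are reported above; this is an OpenSSL-internal failure. */`. This hunk also drops the `if (verbose > 0)` gate that the cert.c and crl.c hunks keep around `cryptowarnx()`, so the three parsers now report the same failure under different conditions; one behaviour should be chosen for all three. The comment begins and cms_parse_validate continues outside the hunk.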
Index: crl.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
retrieving revision 1.7
diff -u -p -r1.7 crl.c
--- crl.c       29 Nov 2019 04:40:04 -0000      1.7
+++ crl.c       30 Mar 2020 11:40:32 -0000
@@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned
        int              rc = 0, sz;
        X509_CRL        *x = NULL;
        BIO             *bio = NULL, *shamd;
+       FILE            *f;
        EVP_MD          *md;
        char             mdbuf[EVP_MAX_MD_SIZE];
 
-       if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+       if ((f = fopen(fn, "rb")) == NULL) {
+               warn("%s: fopen", fn);
+               return NULL;
+       }
+
+       if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
                if (verbose > 0)
                        cryptowarnx("%s: BIO_new_file", fn);
                return NULL;
