On Wed, Apr 01, 2020 at 01:06:21PM +0200, Claudio Jeker wrote:
> Currently rpki-client logs missing files like this:
> 
> rpki-client:  ...trace: error:02FFF002:system library:func(4095):No such file 
> or directory
> rpki-client:  ...trace: error:20FFF080:BIO routines:CRYPTO_internal:no such 
> file
> rpki-client: 
> rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: 
> BIO_new_file
> 
> Yes, you need to read the errors in reverse and even then the errors are
> just hard to read.
> 
> This ugly format is mostly to blame on the error stack of OpenSSL.
> As a workaround I switched to using fopen() and then BIO_new_fd()
> which does the same thing but allows me to get a nice error from fopen():
> 
> rpki-client: 
> rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: fopen: 
> No such file or directory
> 
> Any opinions?

This diff removes the fopen: from the warn string:

rpki-client: 
rpki.cnnic.cn/rpki/A9162E3D0000/515/FE-4PMY9qqTI2aJ0xLDm7cD-fvw.mft: No such 
file or directory

This is more in form with e.g.

rpki-client: 
rpki-repo.registro.br/repo/D81aiXpDAv5WBmgE8oEpfordjGP62otn2fHrhaL4cgby/0/3137372e3133302e302e302f32302d3234203d3e203238323630.roa:
 CRL has expired

-- 
:wq Claudio

Index: cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.14
diff -u -p -r1.14 cert.c
--- cert.c      26 Feb 2020 02:35:08 -0000      1.14
+++ cert.c      1 Apr 2020 14:28:29 -0000
@@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *
        ASN1_OBJECT     *obj;
        struct parse     p;
        BIO             *bio = NULL, *shamd;
+       FILE            *f;
        EVP_MD          *md;
        char             mdbuf[EVP_MAX_MD_SIZE];
 
        *xp = NULL;
 
-       if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+       if ((f = fopen(fn, "rb")) == NULL) {
+               warn("%s", fn);
+               return NULL;
+       }
+
+       if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
                if (verbose > 0)
                        cryptowarnx("%s: BIO_new_file", fn);
                return NULL;
Index: cms.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
retrieving revision 1.6
diff -u -p -r1.6 cms.c
--- cms.c       29 Nov 2019 05:14:11 -0000      1.6
+++ cms.c       1 Apr 2020 14:28:34 -0000
@@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char
        ASN1_OCTET_STRING       **os = NULL;
        BIO                     *bio = NULL, *shamd;
        CMS_ContentInfo         *cms;
+       FILE                    *f;
        char                     buf[128], mdbuf[EVP_MAX_MD_SIZE];
        int                      rc = 0, sz;
        STACK_OF(X509)          *certs = NULL;
@@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char
         * This is usually fopen() failure, so let it pass through to
         * the handler, which will in turn ignore the entity.
         */
+       if ((f = fopen(fn, "rb")) == NULL) {
+               warn("%s", fn);
+               return NULL;
+       }
 
-       if ((bio = BIO_new_file(fn, "rb")) == NULL) {
-               if (verbose > 0)
-                       cryptowarnx("%s: BIO_new_file", fn);
+       if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
+               cryptowarnx("%s: BIO_new_fp", fn);
                return NULL;
        }
 
Index: crl.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
retrieving revision 1.7
diff -u -p -r1.7 crl.c
--- crl.c       29 Nov 2019 04:40:04 -0000      1.7
+++ crl.c       1 Apr 2020 14:28:41 -0000
@@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned
        int              rc = 0, sz;
        X509_CRL        *x = NULL;
        BIO             *bio = NULL, *shamd;
+       FILE            *f;
        EVP_MD          *md;
        char             mdbuf[EVP_MAX_MD_SIZE];
 
-       if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+       if ((f = fopen(fn, "rb")) == NULL) {
+               warn("%s", fn);
+               return NULL;
+       }
+
+       if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
                if (verbose > 0)
                        cryptowarnx("%s: BIO_new_file", fn);
                return NULL;

Reply via email to