Fix CRLF handling by properly setting nl to the right NUL byte. In the CRLF case both \r\n are replaced by \0 and so the code needs to adjust the nl pointer else valid_url() and the check for .cer endings fail.
This diff fixes the test.tal I added to regress. -- :wq Claudio Index: tal.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/tal.c,v retrieving revision 1.32 diff -u -p -r1.32 tal.c --- tal.c 26 Oct 2021 16:12:54 -0000 1.32 +++ tal.c 3 Nov 2021 17:28:41 -0000 @@ -67,6 +67,9 @@ tal_parse_buffer(const char *fn, char *b len -= nl + 1 - buf; buf = nl + 1; + if (nl > line && nl[-1] == '\0') + nl--; + if (optcomment) { /* if this is a comment, just eat the line */ if (line[0] == '#')