On Sat, Jan 22, 2022 at 11:50:34AM +0100, Theo Buehler wrote:
> On Sat, Jan 22, 2022 at 11:07:36AM +0100, Claudio Jeker wrote:
> > On Sat, Jan 22, 2022 at 10:22:02AM +0100, Theo Buehler wrote:
> > > On Sat, Jan 22, 2022 at 10:11:36AM +0100, Claudio Jeker wrote:
> > > > On Fri, Jan 21, 2022 at 03:22:51PM +0100, Claudio Jeker wrote:
> > > > > I would like to change -f into a real mode and with that support to
> > > > > show more then one file at a time.
> > > > >
> > > > > This is doing most of that. The output may need some extra fixing but
> > > > > the
> > > > > logic itself works.
> > > > >
> > > > > Yay or nay?
> > > >
> > > > Updated diff after the changes from tb@
> > >
> > > still ok
> >
> > Sorry here is a better version that does not print warnings when running
> > like this:
> > cd /var/cache/rpki-client/valid/chloe.sobornost.net/rpki/RIPE-nljobsnijders
> > rpki-client -v -f *.*
> >
> > Before it tried to readd the same cert and crl multiple times and warnings
> > about duplicate AKI / SKI were printed. Now the code suppresses the
> > warning in proc_parser_crl() and checks in parse_load_certchain() if the
> > cert was already loaded and exits in that case.
>
> Looks good, except for this:
>
> > @@ -844,10 +844,14 @@ parse_load_certchain(char *uri)
> > warnx("failed to build authority chain");
> > return;
> > }
> > + if (auth_find(&auths, cert->ski) != NULL) {
> > + cert_free(cert);
>
> Don't we need to free all certs we added to stack[] up to this point?
My understanding is that this can only happen for the first cert. After
that the 2nd auth_find() using the aki will trigger and break the loop.
> > + return; /* cert already added */
> > + }
> > stack[i] = cert;
> > filestack[i] = uri;
> > if (auth_find(&auths, cert->aki) != NULL)
> > - break; /* found the TA */
> > + break; /* found chain to TA */
> > uri = cert->aia;
> > }
> >
>
--
:wq Claudio
