On Sat, Jan 22, 2022 at 12:05:40PM +0100, Claudio Jeker wrote:
> On Sat, Jan 22, 2022 at 11:50:34AM +0100, Theo Buehler wrote:
> > On Sat, Jan 22, 2022 at 11:07:36AM +0100, Claudio Jeker wrote:
> > > On Sat, Jan 22, 2022 at 10:22:02AM +0100, Theo Buehler wrote:
> > > > On Sat, Jan 22, 2022 at 10:11:36AM +0100, Claudio Jeker wrote:
> > > > > On Fri, Jan 21, 2022 at 03:22:51PM +0100, Claudio Jeker wrote:
> > > > > > I would like to change -f into a real mode and with that support to
> > > > > > show more than one file at a time.
> > > > > > 
> > > > > > This is doing most of that. The output may need some extra fixing
> > > > > > but the logic itself works.
> > > > > > 
> > > > > > Yay or nay?
> > > > > 
> > > > > Updated diff after the changes from tb@
> > > > 
> > > > still ok
> > > 
> > > Sorry here is a better version that does not print warnings when running
> > > like this:
> > > cd /var/cache/rpki-client/valid/chloe.sobornost.net/rpki/RIPE-nljobsnijders
> > > rpki-client -v -f *.*
> > > 
> > > Before it tried to re-add the same cert and crl multiple times and warnings
> > > about duplicate AKI / SKI were printed. Now the code suppresses the
> > > warning in proc_parser_crl() and checks in parse_load_certchain() if the
> > > cert was already loaded and exits in that case. 
> > 
> > Looks good, except for this:
> > 
> > > @@ -844,10 +844,14 @@ parse_load_certchain(char *uri)
> > >                   warnx("failed to build authority chain");
> > >                   return;
> > >           }
> > > +         if (auth_find(&auths, cert->ski) != NULL) {
> > > +                 cert_free(cert);
> > 
> > Don't we need to free all certs we added to stack[] up to this point?
> 
> My understanding is that this can only happen for the first cert. After
> that the 2nd auth_find() using the aki will trigger and break the loop.

Makes sense. Perhaps assert(i == 0) then?

>  
> > > +                 return; /* cert already added */
> > > +         }
> > >           stack[i] = cert;
> > >           filestack[i] = uri;
> > >           if (auth_find(&auths, cert->aki) != NULL)
> > > -                 break;  /* found the TA */
> > > +                 break;  /* found chain to TA */
> > >           uri = cert->aia;
> > >   }
> > >  
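Review bot: the early return taken when `auth_find(&auths, cert->ski) != NULL` frees only `cert`, so any certificates already stored in `stack[]` by earlier loop iterations would leak if this branch were reached with i > 0. The argument in the thread is that the `cert->aki` lookup a few lines further down breaks the loop before that can happen, but nothing in the hunk enforces it. Either add `assert(i == 0)` ahead of `cert_free(cert)` or free the entries already on the stack before returning, and extend the `/* cert already added */` comment to say why only the first cert can hit this path.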
> > 
> 
> -- 
> :wq Claudio
