author | Bob Beck <beck@cvs.openbsd.org> | 2023-04-26 22:05:29 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2023-04-26 22:05:29 +0000 |
commit | 1f32d38f77152e5e3929f35d94bc69373d7c55bb (patch) | |
tree | dba96e029052143ddfb7fc3a1c01b6aeb96a11c9 | |
parent | 140cc7b37702ab717f8125a7645c975de0e0a38c (diff) |
Add a -P option to rpki-client to specify the evaluation time
This is intended to be able to test rpki-client in a reproducible
way without worrying about the system time changing the results
ok claudio@
-rw-r--r-- | usr.sbin/rpki-client/extern.h | 10 | ||||
-rw-r--r-- | usr.sbin/rpki-client/main.c | 20 | ||||
-rw-r--r-- | usr.sbin/rpki-client/output-bird.c | 4 | ||||
-rw-r--r-- | usr.sbin/rpki-client/parser.c | 4 | ||||
-rw-r--r-- | usr.sbin/rpki-client/rpki-client.8 | 9 | ||||
-rw-r--r-- | usr.sbin/rpki-client/validate.c | 3 |
6 files changed, 40 insertions, 10 deletions
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h index d2cab063636..a5a3200b308 100644 --- a/usr.sbin/rpki-client/extern.h +++ b/usr.sbin/rpki-client/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.178 2023/04/26 16:32:41 claudio Exp $ */ +/* $OpenBSD: extern.h,v 1.179 2023/04/26 22:05:28 beck Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -944,4 +944,12 @@ int mkpathat(int, const char *); /* Maximum number of delta files per RRDP notification file. */ #define MAX_RRDP_DELTAS 300 +/* + * Time - Evaluation time is used as the current time if it is + * larger than X509_TIME_MIN, otherwise the system time is used. + */ +#define X509_TIME_MAX 253402300799LL +#define X509_TIME_MIN -62167219200LL +extern time_t get_current_time(void); + #endif /* ! EXTERN_H */ diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c index 516fcd7f514..6cdbc213025 100644 --- a/usr.sbin/rpki-client/main.c +++ b/usr.sbin/rpki-client/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.234 2023/04/26 16:32:41 claudio Exp $ */ +/* $OpenBSD: main.c,v 1.235 2023/04/26 22:05:28 beck Exp $ */ /* * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> @@ -74,6 +74,8 @@ int rrdpon = 1; int repo_timeout; time_t deadline; +int64_t evaluation_time = X509_TIME_MIN; + struct stats stats; struct fqdnlistentry { @@ -124,6 +126,14 @@ entity_free(struct entity *ent) free(ent); } +time_t +get_current_time(void) +{ + if (evaluation_time > X509_TIME_MIN) + return (time_t) evaluation_time; + return time(NULL); +} + /* * Read a queue entity from the descriptor. * Matched by entity_buffer_req(). @@ -963,7 +973,7 @@ main(int argc, char *argv[]) "proc exec unveil", NULL) == -1) err(1, "pledge"); - while ((c = getopt(argc, argv, "Ab:Bcd:e:fH:jmnorRs:S:t:T:vV")) != -1) + while ((c = getopt(argc, argv, "Ab:Bcd:e:fH:jmnoP:rRs:S:t:T:vV")) != -1) switch (c) { case 'A': excludeaspa = 1; 
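Review bot: In the second extern.h hunk, `X509_TIME_MIN` expands to an unparenthesised negative literal, and neither bound says what it stands for. Writing `#define X509_TIME_MIN (-62167219200LL)` keeps the macro safe inside any expression. The comment could also state that the two values appear to be 0000-01-01T00:00:00Z and 9999-12-31T23:59:59Z, the range a four-digit-year X.509 time can express. It is also worth saying there that X509_TIME_MIN doubles as the "no -P given" sentinel, which is why main.c accepts only values strictly above it.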
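Review bot: get_current_time() in main.c is added without a comment, and the `(time_t) evaluation_time` cast narrows silently wherever time_t is narrower than int64_t. A short header such as `/* Return the -P evaluation time if one was given, else the system time; all validity checks should use this instead of time(NULL). */` would tell later contributors which clock to use. The cast is presumably harmless on OpenBSD, but because -P accepts values up to X509_TIME_MAX, a build with a 32-bit time_t would wrap large values, so a compile-time size check beside the cast would make the assumption explicit. `evaluation_time` is only touched in main.c in this diff, so it looks like it could be `static`.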
@@ -1003,6 +1013,12 @@ main(int argc, char *argv[]) case 'o': outformats |= FORMAT_OPENBGPD; break; + case 'P': + evaluation_time = strtonum(optarg, X509_TIME_MIN + 1, + X509_TIME_MAX, &errs); + if (errs) + errx(1, "-P: time in seconds %s", errs); + break; case 'R': rrdpon = 0; break; diff --git a/usr.sbin/rpki-client/output-bird.c b/usr.sbin/rpki-client/output-bird.c index be8e04d5c1e..39582912702 100644 --- a/usr.sbin/rpki-client/output-bird.c +++ b/usr.sbin/rpki-client/output-bird.c @@ -1,4 +1,4 @@ -/* $OpenBSD: output-bird.c,v 1.15 2022/08/30 18:56:49 job Exp $ */ +/* $OpenBSD: output-bird.c,v 1.16 2023/04/26 22:05:28 beck Exp $ */ /* * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2020 Robert Scheck <robert@fedoraproject.org> @@ -84,7 +84,7 @@ output_bird2(FILE *out, struct vrp_tree *vrps, struct brk_tree *brks, { extern const char *bird_tablename; struct vrp *v; - time_t now = time(NULL); + time_t now = get_current_time(); if (outputheader(out, st) < 0) return -1; diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c index 23eaf602e68..8bcde343d80 100644 --- a/usr.sbin/rpki-client/parser.c +++ b/usr.sbin/rpki-client/parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.c,v 1.91 2023/04/26 16:32:41 claudio Exp $ */ +/* $OpenBSD: parser.c,v 1.92 2023/04/26 22:05:28 beck Exp $ */ /* * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> @@ -312,7 +312,7 @@ proc_parser_mft_post(char *file, struct mft *mft, const char *path, const char *errstr) { /* check that now is not before from */ - time_t now = time(NULL); + time_t now = get_current_time(); if (mft == NULL) { if (errstr == NULL) diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8 index ae37d96b9b3..47d14ca0160 100644 --- a/usr.sbin/rpki-client/rpki-client.8 +++ b/usr.sbin/rpki-client/rpki-client.8 
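Review bot: The new `case 'P':` accepts any evaluation time, but nothing in this hunk marks the run as a test run or tells the operator that validation is no longer tied to the real clock. With a value in the past, certificates, CRLs and manifests that have since expired would be judged valid again, and the resulting output files look the same as those of a normal run to whatever consumes them. I would at least log the override once option parsing is done, for example `if (evaluation_time > X509_TIME_MIN) warnx("-P set: validating at a fixed time, not the system time");`, and consider whether -P should be refused or restricted when output is written for routers. The man page text added in this commit says only that the option overrides the system time, so the testing-only intent from the commit message is not visible to users. The switch statement continues outside the hunk.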
@@ -1,4 +1,4 @@ -.\" $OpenBSD: rpki-client.8,v 1.93 2023/03/06 19:20:34 job Exp $ +.\" $OpenBSD: rpki-client.8,v 1.94 2023/04/26 22:05:28 beck Exp $ .\" .\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 6 2023 $ +.Dd $Mdocdate: April 26 2023 $ .Dt RPKI-CLIENT 8 .Os .Sh NAME @@ -163,6 +163,11 @@ If the and .Fl j options are not specified this is the default. +.It Fl P Ar posix-seconds +Specify the time for the evaluation in +.Ar posix-seconds +seconds from the unix epoch. +This overrides the default of using the current system time. .It Fl R Synchronize via RSYNC only. .It Fl r diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c index 5897ea5e0a6..412b6e61382 100644 --- a/usr.sbin/rpki-client/validate.c +++ b/usr.sbin/rpki-client/validate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: validate.c,v 1.57 2023/04/14 00:23:16 tb Exp $ */ +/* $OpenBSD: validate.c,v 1.58 2023/04/26 22:05:28 beck Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -401,6 +401,7 @@ valid_x509(char *file, X509_STORE_CTX *store_ctx, X509 *x509, struct auth *a, cryptoerrx("OBJ_dup"); if (!X509_VERIFY_PARAM_add0_policy(params, cp_oid)) cryptoerrx("X509_VERIFY_PARAM_add0_policy"); + X509_VERIFY_PARAM_set_time(params, get_current_time()); flags = X509_V_FLAG_CRL_CHECK; flags |= X509_V_FLAG_POLICY_CHECK; |
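Review bot: The `X509_VERIFY_PARAM_set_time()` call added in valid_x509() has no comment saying why the verify time is now set explicitly. A line such as `/* verify chain and CRL validity at the evaluation time (-P), not the library's own clock */` above it would make the intent clear. Only the call sites touched by this commit (output_bird2, proc_parser_mft_post and this one) are switched to get_current_time(). Any validity or staleness comparison elsewhere that still calls `time(NULL)` directly would be evaluated against a different clock when -P is given, so the remaining callers should be checked before -P is relied on for reproducible results. valid_x509 starts and ends outside the hunk.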