diff options
author | Job Snijders <job@cvs.openbsd.org> | 2023-03-03 16:19:06 +0000 |
---|---|---|
committer | Job Snijders <job@cvs.openbsd.org> | 2023-03-03 16:19:06 +0000 |
commit | 73065cb058df33f9aa416d2c1e46f145275127d9 (patch) | |
tree | 3a9a8066cde534e1b0aa4815a91f6c4e26f578b9 /usr.sbin/rpki-client | |
parent | 1b19c0bdee7343bd192d8a1ce03411d818d45d53 (diff) |
In filemode, print the certification path towards the Trust Anchor
with and OK tb@
Diffstat (limited to 'usr.sbin/rpki-client')
-rw-r--r-- | usr.sbin/rpki-client/filemode.c | 41 |
1 files changed, 34 insertions, 7 deletions
diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c index 85da152a27f..9d0c7ebd576 100644 --- a/usr.sbin/rpki-client/filemode.c +++ b/usr.sbin/rpki-client/filemode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filemode.c,v 1.19 2023/01/06 16:06:43 claudio Exp $ */ +/* $OpenBSD: filemode.c,v 1.20 2023/03/03 16:19:05 job Exp $ */ /* * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> @@ -257,6 +257,22 @@ find_tal(struct cert *cert) return NULL; } +static void +print_certification_path(const char *crl, const char *aia, const struct auth *a) +{ + if (crl != NULL) + printf("Certification path: %s\n", crl); + if (aia != NULL) + printf(" %s\n", aia); + + for (; a != NULL; a = a->parent) { + if (a->cert->crl != NULL) + printf(" %s\n", a->cert->crl); + if (a->cert->aia != NULL) + printf(" %s\n", a->cert->aia); + } +} + /* * Parse file passed with -f option. */ @@ -417,7 +433,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len) x509_get_crl(x509, file, &crl_uri); parse_load_crl(crl_uri); - free(crl_uri); if (auth_find(&auths, aki) == NULL) parse_load_certchain(aia); a = auth_find(&auths, aki); @@ -441,16 +456,29 @@ proc_parser_file(char *file, unsigned char *buf, size_t len) break; } } - if (status) + if (status) { + if ((outformats & FORMAT_JSON) == 0) + printf(" "); printf("OK"); - else { + if ((outformats & FORMAT_JSON) == 0) { + printf("\n"); + print_certification_path(crl_uri, aia, a); + } + } else { + if ((outformats & FORMAT_JSON) == 0) + printf(" "); printf("Failed"); if (errstr != NULL) printf(", %s", errstr); + if ((outformats & FORMAT_JSON) == 0) + printf("\n"); } + free(crl_uri); } else if (is_ta) { if ((tal = find_tal(cert)) != NULL) { cert = ta_parse(file, cert, tal->pkey, tal->pkeysz); + if ((outformats & FORMAT_JSON) == 0) + printf(" "); if (cert != NULL) printf("OK"); else @@ -458,7 +486,8 @@ proc_parser_file(char *file, unsigned char *buf, size_t len) if (outformats & FORMAT_JSON) printf("\",\n\t\"tal\": \"%s", tal->descr); else - printf("\nTAL: %s", tal->descr); + printf("\nTAL: %s\n", + tal->descr); tal = NULL; } else { cert_free(cert); @@ -470,8 +499,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len) if (outformats & FORMAT_JSON) printf("\"\n}\n"); else { - printf("\n"); - if (x509 == NULL) goto out; if (type == RTYPE_TAL || type == RTYPE_CRL) |