author | Job Snijders <job@cvs.openbsd.org> | 2022-04-12 11:05:51 +0000 |
---|---|---|
committer | Job Snijders <job@cvs.openbsd.org> | 2022-04-12 11:05:51 +0000 |
commit | 8d761dec7edf54deed87cbd8269b9ec99ec5dbfd (patch) | |
tree | 8962b0ce0bfda437e858bc06857eb8c42074ee2f /usr.sbin | |
parent | c5dc47048a61e601b03dc773c7dffc4d08e280ce (diff) |
Extend -f filemode to decode & print TAL details
"fine" claudio@ tb@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/rpki-client/print.c | 41 | ||||
-rw-r--r-- | usr.sbin/rpki-client/rpki-client.8 | 8 |
2 files changed, 42 insertions, 7 deletions
diff --git a/usr.sbin/rpki-client/print.c b/usr.sbin/rpki-client/print.c index 54139b397d9..d1a54f4d524 100644 --- a/usr.sbin/rpki-client/print.c +++ b/usr.sbin/rpki-client/print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print.c,v 1.6 2022/03/21 10:39:51 claudio Exp $ */ +/* $OpenBSD: print.c,v 1.7 2022/04/12 11:05:50 job Exp $ */ /* * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> @@ -25,6 +25,8 @@ #include <string.h> #include <time.h> +#include <openssl/evp.h> + #include "extern.h" static const char * @@ -62,10 +64,41 @@ time2str(time_t t) void tal_print(const struct tal *p) { - size_t i; - + char *ski; + EVP_PKEY *pk; + RSA *r; + const unsigned char *der; + unsigned char *rder = NULL; + unsigned char md[SHA_DIGEST_LENGTH]; + int rder_len; + size_t i; + + printf("Trust anchor name: %s\n", p->descr); + + der = p->pkey; + pk = d2i_PUBKEY(NULL, &der, p->pkeysz); + if (pk == NULL) + errx(1, "d2i_PUBKEY failed in %s", __func__); + + r = EVP_PKEY_get0_RSA(pk); + if (r == NULL) + errx(1, "EVP_PKEY_get0_RSA failed in %s", __func__); + if ((rder_len = i2d_RSAPublicKey(r, &rder)) <= 0) + errx(1, "i2d_RSAPublicKey failed in %s", __func__); + + if (!EVP_Digest(rder, rder_len, md, NULL, EVP_sha1(), NULL)) + errx(1, "EVP_Digest failed in %s", __func__); + + ski = hex_encode(md, SHA_DIGEST_LENGTH); + printf("Subject key identifier: %s\n", pretty_key_id(ski)); + + printf("Trust anchor locations:\n"); for (i = 0; i < p->urisz; i++) - printf("%5zu: URI: %s\n", i + 1, p->uri[i]); + printf("%5zu: %s\n", i + 1, p->uri[i]); + + EVP_PKEY_free(pk); + free(rder); + free(ski); } void diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8 index 56164f1dc2e..7bfed64ff76 100644 --- a/usr.sbin/rpki-client/rpki-client.8 +++ b/usr.sbin/rpki-client/rpki-client.8 
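Review bot: After `d2i_PUBKEY()` in `tal_print()` nothing checks that the decoder consumed all `p->pkeysz` bytes, so a TAL whose key blob carries trailing data still decodes, and the subject key identifier shown to the operator is computed over the re-encoded RSA key rather than over the bytes in the file. Someone inspecting a TAL with -f would presumably compare this value against a published identifier, so I would reject the mismatch right after the NULL check: `if (der != p->pkey + p->pkeysz) errx(1, "trailing data in TAL public key in %s", __func__);`. Whether the TAL parser already enforces this before `tal_print()` is reached is not visible in this hunk. A one-line comment above `EVP_Digest()` would also help, for example `/* RPKI key identifiers are defined as SHA-1 of the public key; not a security-strength choice */`.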
@@ -1,4 +1,4 @@ -.\" $OpenBSD: rpki-client.8,v 1.57 2022/03/31 17:27:31 naddy Exp $ +.\" $OpenBSD: rpki-client.8,v 1.58 2022/04/12 11:05:50 job Exp $ .\" .\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: April 12 2022 $ .Dt RPKI-CLIENT 8 .Os .Sh NAME @@ -99,7 +99,9 @@ and .Fl -address flags and connect with rsync-protocol locations. .It Fl f Ar -Validate the +Decode the +. Em TAL +or validate the .Em Signed Object in .Ar file |