author | Job Snijders <job@cvs.openbsd.org> | 2024-02-02 12:35:16 +0000 |
---|---|---|
committer | Job Snijders <job@cvs.openbsd.org> | 2024-02-02 12:35:16 +0000 |
commit | 3ef663365241850645b088083b3dcbe138bf5e0c (patch) | |
tree | 42cbbeb06c81c25114269725e219f04ec2c39e64 /usr.sbin | |
parent | f649e6a488e87a552070f3336140b71faed320f7 (diff) |
refactoring: move time validity window checks out of proc_parser_mft_post()
OK tb@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/rpki-client/parser.c | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c index 6820122a18d..11db25de65a 100644 --- a/usr.sbin/rpki-client/parser.c +++ b/usr.sbin/rpki-client/parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.c,v 1.115 2024/02/02 12:23:16 job Exp $ */ +/* $OpenBSD: parser.c,v 1.116 2024/02/02 12:35:15 job Exp $ */ /* * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> @@ -266,6 +266,7 @@ proc_parser_mft_pre(struct entity *entp, enum location loc, char **file, struct auth *a; unsigned char *der; size_t len; + time_t now; int issued_cmp, seqnum_cmp; *crl = NULL; @@ -307,6 +308,21 @@ proc_parser_mft_pre(struct entity *entp, enum location loc, char **file, mft->repoid = entp->repoid; mft->talid = a->cert->talid; + now = get_current_time(); + /* check that now is not before from */ + if (now < mft->thisupdate) { + warnx("%s: manifest not yet valid %s", *file, + time2str(mft->thisupdate)); + mft->stale = 1; + } + /* check that now is not after until */ + if (now > mft->nextupdate) { + warnx("%s: manifest expired on %s", *file, + time2str(mft->nextupdate)); + mft->stale = 1; + } + + /* if there is nothing to compare to, return now */ if (cached_mft == NULL) return mft; @@ -366,9 +382,6 @@ static struct mft * proc_parser_mft_post(char *file, struct mft *mft, const char *path, const char *errstr, int *warned) { - /* check that now is not before from */ - time_t now = get_current_time(); - if (mft == NULL) { if (errstr == NULL) errstr = "no valid mft available"; 
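Review bot: In the block added to proc_parser_mft_pre(), a manifest outside its thisupdate/nextupdate window is only flagged with `mft->stale = 1` and then falls through to the cached_mft comparison, so nothing in this hunk shows where the flag is consumed or whether a stale candidate can still be preferred over the cached one. Because the checks now run for each parsed candidate rather than once in proc_parser_mft_post(), the two warnx() calls may also fire for a manifest that is later discarded, which makes the log harder to read when investigating expired or not-yet-valid manifests. I would put a comment above the block such as `/* validity window: an out-of-window manifest is kept but marked stale */` (worded to match what the caller really does with the flag), and drop one of the two blank lines added after the closing brace. The function body starts and ends outside the hunk, so the selection logic that follows is not visible here.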
@@ -378,18 +391,6 @@ proc_parser_mft_post(char *file, struct mft *mft, const char *path,
 return NULL;
 }
- /* check that now is not before from */
- if (now < mft->thisupdate) {
- warnx("%s: mft not yet valid %s", file,
- time2str(mft->thisupdate));
- mft->stale = 1;
- }
- /* check that now is not after until */
- if (now > mft->nextupdate) {
- warnx("%s: mft expired on %s", file,
- time2str(mft->nextupdate));
- mft->stale = 1;
- }
 if (path != NULL)
 if ((mft->path = strdup(path)) == NULL) |