Allow multiple X.509 locations

While currently everyone only uses a single location, the spec allows for
multiple locations ordered by preference. While rpki-client does not
support more than one location this should not be a fatal error. Instead,
pick the first location and warn if there are more than one.

ok job

diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c
index d3e65d8..f49d059 100644 (file)
--- a/usr.sbin/rpki-client/x509.c
+++ b/usr.sbin/rpki-client/x509.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: x509.c,v 1.48 2022/08/30 18:56:49 job Exp $ */
+/*     $OpenBSD: x509.c,v 1.49 2022/09/03 13:06:15 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@@ -549,12 +549,6 @@ x509_location(const char *fn, const char *descr, const char *proto,
 {
        ASN1_IA5STRING  *uri;
 
-       if (*out != NULL) {
-               warnx("%s: RFC 6487 section 4.8: %s already specified", fn,
-                   descr);
-               return 0;
-       }
-
        if (location->type != GEN_URI) {
                warnx("%s: RFC 6487 section 4.8: %s not URI", fn, descr);
                return 0;
@@ -567,6 +561,12 @@ x509_location(const char *fn, const char *descr, const char *proto,
                return 0;
        }
 
+       if (*out != NULL) {
+               warnx("%s: RFC 6487 section 4.8: multiple %s specified, "
+                   "using the first one", fn, descr);
+               return 1;
+       }
+
        if ((*out = strndup(uri->data, uri->length)) == NULL)
                err(1, NULL);