The CRL's purported signing time actually is called thisUpdate, not lastUpdate

OK tb@ claudio@

diff --git a/usr.sbin/rpki-client/crl.c b/usr.sbin/rpki-client/crl.c
index c57c038..4b213a5 100644 (file)
--- a/usr.sbin/rpki-client/crl.c
+++ b/usr.sbin/rpki-client/crl.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: crl.c,v 1.30 2023/12/10 14:18:23 job Exp $ */
+/*     $OpenBSD: crl.c,v 1.31 2024/01/18 14:34:26 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -96,7 +96,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
                warnx("%s: X509_CRL_get0_lastUpdate failed", fn);
                goto out;
        }
-       if (!x509_get_time(at, &crl->lastupdate)) {
+       if (!x509_get_time(at, &crl->thisupdate)) {
                warnx("%s: ASN1_TIME_to_tm failed", fn);
                goto out;
        }

diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 727d5e9..61527fd 100644 (file)
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: extern.h,v 1.198 2024/01/07 09:48:29 tb Exp $ */
+/*     $OpenBSD: extern.h,v 1.199 2024/01/18 14:34:26 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -435,7 +435,7 @@ struct crl {
        char            *aki;
        char            *number;
        X509_CRL        *x509_crl;
-       time_t           lastupdate;    /* do not use before */
+       time_t           thisupdate;    /* do not use before */
        time_t           nextupdate;    /* do not use after */
 };
 /*

diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index cfa9ed2..851b5c5 100644 (file)
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parser.c,v 1.107 2024/01/08 19:46:19 tb Exp $ */
+/*     $OpenBSD: parser.c,v 1.108 2024/01/18 14:34:26 job Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -429,7 +429,7 @@ proc_parser_mft(struct entity *entp, struct mft **mp, char **crlfile,
        }
 
        if (*mp != NULL) {
-               *crlmtime = crl->lastupdate;
+               *crlmtime = crl->thisupdate;
                if (!crl_insert(&crlt, crl)) {
                        warnx("%s: duplicate AKI %s", file, crl->aki);
                        crl_free(crl);

diff --git a/usr.sbin/rpki-client/print.c b/usr.sbin/rpki-client/print.c
index bcd688f..03112fe 100644 (file)
--- a/usr.sbin/rpki-client/print.c
+++ b/usr.sbin/rpki-client/print.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: print.c,v 1.44 2023/11/16 11:18:47 tb Exp $ */
+/*     $OpenBSD: print.c,v 1.45 2024/01/18 14:34:26 job Exp $ */
 /*
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -352,12 +352,12 @@ crl_print(const struct crl *p)
        free(issuer);
 
        if (outformats & FORMAT_JSON) {
-               json_do_int("valid_since", p->lastupdate);
+               json_do_int("valid_since", p->thisupdate);
                json_do_int("valid_until", p->nextupdate);
                json_do_array("revoked_certs");
        } else {
-               printf("CRL last update:          %s\n",
-                   time2str(p->lastupdate));
+               printf("CRL this update:          %s\n",
+                   time2str(p->thisupdate));
                printf("CRL next update:          %s\n",
                    time2str(p->nextupdate));
                printf("Revoked Certificates:\n");