From c527cc7aacd83543103743a659bb6a9ef0ebd994 Mon Sep 17 00:00:00 2001 From: job Date: Thu, 18 Jan 2024 14:34:26 +0000 Subject: [PATCH] The CRL's purported signing time actually is called thisUpdate, not lastUpdate OK tb@ claudio@ --- usr.sbin/rpki-client/crl.c | 4 ++-- usr.sbin/rpki-client/extern.h | 4 ++-- usr.sbin/rpki-client/parser.c | 4 ++-- usr.sbin/rpki-client/print.c | 8 ++++---- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/usr.sbin/rpki-client/crl.c b/usr.sbin/rpki-client/crl.c index c57c038db84..4b213a5107c 100644 --- a/usr.sbin/rpki-client/crl.c +++ b/usr.sbin/rpki-client/crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crl.c,v 1.30 2023/12/10 14:18:23 job Exp $ */ +/* $OpenBSD: crl.c,v 1.31 2024/01/18 14:34:26 job Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -96,7 +96,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len) warnx("%s: X509_CRL_get0_lastUpdate failed", fn); goto out; } - if (!x509_get_time(at, &crl->lastupdate)) { + if (!x509_get_time(at, &crl->thisupdate)) { warnx("%s: ASN1_TIME_to_tm failed", fn); goto out; } diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h index 727d5e9bb12..61527fdefb5 100644 --- a/usr.sbin/rpki-client/extern.h +++ b/usr.sbin/rpki-client/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.198 2024/01/07 09:48:29 tb Exp $ */ +/* $OpenBSD: extern.h,v 1.199 2024/01/18 14:34:26 job Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -435,7 +435,7 @@ struct crl { char *aki; char *number; X509_CRL *x509_crl; - time_t lastupdate; /* do not use before */ + time_t thisupdate; /* do not use before */ time_t nextupdate; /* do not use after */ }; /* diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c index cfa9ed254ce..851b5c5f28a 100644 --- a/usr.sbin/rpki-client/parser.c +++ b/usr.sbin/rpki-client/parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.c,v 1.107 2024/01/08 19:46:19 tb Exp $ */ +/* $OpenBSD: parser.c,v 1.108 2024/01/18 14:34:26 job Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -429,7 +429,7 @@ proc_parser_mft(struct entity *entp, struct mft **mp, char **crlfile, } if (*mp != NULL) { - *crlmtime = crl->lastupdate; + *crlmtime = crl->thisupdate; if (!crl_insert(&crlt, crl)) { warnx("%s: duplicate AKI %s", file, crl->aki); crl_free(crl); diff --git a/usr.sbin/rpki-client/print.c b/usr.sbin/rpki-client/print.c index bcd688f6700..03112fe7bd2 100644 --- a/usr.sbin/rpki-client/print.c +++ b/usr.sbin/rpki-client/print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print.c,v 1.44 2023/11/16 11:18:47 tb Exp $ */ +/* $OpenBSD: print.c,v 1.45 2024/01/18 14:34:26 job Exp $ */ /* * Copyright (c) 2021 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -352,12 +352,12 @@ crl_print(const struct crl *p) free(issuer); if (outformats & FORMAT_JSON) { - json_do_int("valid_since", p->lastupdate); + json_do_int("valid_since", p->thisupdate); json_do_int("valid_until", p->nextupdate); json_do_array("revoked_certs"); } else { - printf("CRL last update: %s\n", - time2str(p->lastupdate)); + printf("CRL this update: %s\n", + time2str(p->thisupdate)); printf("CRL next update: %s\n", time2str(p->nextupdate)); printf("Revoked Certificates:\n"); -- 2.20.1