From d61b9ff10a459d5f50454a30c8359ecb3519ad5b Mon Sep 17 00:00:00 2001 From: job Date: Thu, 25 Aug 2022 17:31:26 +0000 Subject: [PATCH] In verbose filemode print details about encapsulated certificates. Add command line flag to print the certificate in PEM format. OK tb@ --- usr.sbin/rpki-client/filemode.c | 25 +++++++++++++++++++++++-- usr.sbin/rpki-client/main.c | 11 ++++++++--- usr.sbin/rpki-client/rpki-client.8 | 7 +++++-- 3 files changed, 36 insertions(+), 7 deletions(-) diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c index 32121eec637..86a82038637 100644 --- a/usr.sbin/rpki-client/filemode.c +++ b/usr.sbin/rpki-client/filemode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filemode.c,v 1.10 2022/08/25 17:11:34 job Exp $ */ +/* $OpenBSD: filemode.c,v 1.11 2022/08/25 17:31:26 job Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -34,11 +34,15 @@ #include #include #include +#include #include #include #include "extern.h" +extern int printpem; +extern int verbose; + static X509_STORE_CTX *ctx; static struct auth_tree auths = RB_INITIALIZER(&auths); static struct crl_tree crlt = RB_INITIALIZER(&crlt); @@ -419,9 +423,26 @@ proc_parser_file(char *file, unsigned char *buf, size_t len) if (outformats & FORMAT_JSON) printf("\"\n}\n"); - else + else { printf("\n"); + if (x509 == NULL) + goto out; + if (type == RTYPE_TAL || type == RTYPE_CRL) + goto out; + + if (verbose) { + if (!X509_print_fp(stdout, x509)) + errx(1, "X509_print_fp"); + } + + if (printpem) { + if (!PEM_write_X509(stdout, x509)) + errx(1, "PEM_write_X509"); + } + } + + out: X509_free(x509); cert_free(cert); crl_free(crl); diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c index 91a15c820f7..a96345007e2 100644 --- a/usr.sbin/rpki-client/main.c +++ b/usr.sbin/rpki-client/main.c 
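Review bot: The `extern int printpem;` and `extern int verbose;` declarations are added directly in filemode.c, just below `#include "extern.h"`, so nothing ties their type to the definitions in main.c. Declaring each global once in the shared header, e.g. `extern int printpem;` in extern.h, lets the compiler check the declaration against the definition in every file that includes it. If extern.h already declares `verbose` (not visible in this hunk), the local copy is redundant and can be dropped.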
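Review bot: The new dump in the `else` branch of proc_parser_file is gated only on `x509 != NULL` and the file type. As far as this hunk shows, the certificate is printed, and with `-p` written as PEM, whether or not the object passed validation earlier in the function. PEM on stdout is easy to pipe into other tooling, so the block should say that the output is diagnostic, for example `/* Inspection aid only: printed regardless of the validation result above. */`, or the `printpem` write should be gated on the validation outcome if that is the intent. A one-line comment on why `RTYPE_TAL` and `RTYPE_CRL` skip the dump would also help. The function starts and ends outside the hunk, so the validation path itself is not visible here.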
@@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.209 2022/08/04 13:44:07 claudio Exp $ */ +/* $OpenBSD: main.c,v 1.210 2022/08/25 17:31:26 job Exp $ */ /* * Copyright (c) 2021 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -64,6 +64,7 @@ const char *bird_tablename = "ROAS"; int verbose; int noop; int filemode; +int printpem; int rrdpon = 1; int repo_timeout; @@ -819,7 +820,7 @@ main(int argc, char *argv[]) "proc exec unveil", NULL) == -1) err(1, "pledge"); - while ((c = getopt(argc, argv, "b:Bcd:e:fjnorRs:S:t:T:vV")) != -1) + while ((c = getopt(argc, argv, "b:Bcd:e:fjnoprRs:S:t:T:vV")) != -1) switch (c) { case 'b': bind_addr = optarg; @@ -849,6 +850,9 @@ main(int argc, char *argv[]) case 'o': outformats |= FORMAT_OPENBGPD; break; + case 'p': + printpem = 1; + break; case 'R': rrdpon = 0; break; @@ -1278,6 +1282,7 @@ usage: " [-e rsync_prog]\n" " [-S skiplist] [-s timeout] [-T table] [-t tal]" " [outputdir]\n" - " rpki-client [-Vv] [-d cachedir] [-t tal] -f file ...\n"); + " rpki-client [-Vv] [-d cachedir] [-j | -p] [-t tal] -f file" + " ...\n"); return 1; } diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8 index 5c30428fb4a..a363d4cdede 100644 --- a/usr.sbin/rpki-client/rpki-client.8 +++ b/usr.sbin/rpki-client/rpki-client.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rpki-client.8,v 1.68 2022/06/30 10:27:52 job Exp $ +.\" $OpenBSD: rpki-client.8,v 1.69 2022/08/25 17:31:26 job Exp $ .\" .\" Copyright (c) 2019 Kristaps Dzonsons .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 30 2022 $ +.Dd $Mdocdate: August 25 2022 $ .Dt RPKI-CLIENT 8 .Os .Sh NAME @@ -34,6 +34,7 @@ .Nm .Op Fl Vv .Op Fl d Ar cachedir +.Op Fl j | p .Op Fl t Ar tal .Fl f .Ar 
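Review bot: `case 'p'` sets `printpem = 1` unconditionally, but the only consumer added by this commit is the non-JSON branch in filemode.c, and the usage string now documents `[-j | -p]` as alternatives in `-f` mode. Nothing in the visible hunks rejects `-p` together with `-j`, or `-p` without `-f`, so the flag would be silently ignored in those cases. The option checks after the getopt loop are outside the hunk and may already cover this. If they do not, a check such as `if (printpem && (!filemode || (outformats & FORMAT_JSON))) goto usage;` would enforce the documented exclusivity.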
@@ -144,6 +145,8 @@ If the and .Fl j options are not specified this is the default. +.It Fl p +Print the encapsulated X.509 certificate in PEM format. .It Fl R Synchronize via RSYNC only. .It Fl r -- 2.20.1