As discussed in the previous thread, we can simplify the verify callback
by getting rid of the extremely noisy warnx at the end. Fail directly on
encountering an unknown critical extension and succeed otherwise.
Index: parser.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
retrieving revision 1.30
diff -u -p -r1.30 parser.c
--- parser.c 4 Jan 2022 13:39:01 -0000 1.30
+++ parser.c 4 Jan 2022 13:44:35 -0000
@@ -55,9 +55,6 @@ verify_cb(int ok, X509_STORE_CTX *store_
ASN1_OBJECT *obj;
char *file;
int depth, error, i, nid;
- int saw_ipAddrBlock = 0;
- int saw_autonomousSysNum = 0;
- int saw_unknown = 0;
error = X509_STORE_CTX_get_error(store_ctx);
depth = X509_STORE_CTX_get_error_depth(store_ctx);
@@ -94,25 +91,16 @@ verify_cb(int ok, X509_STORE_CTX *store_
nid = OBJ_obj2nid(obj);
switch (nid) {
case NID_sbgp_ipAddrBlock:
- saw_ipAddrBlock = 1;
- break;
case NID_sbgp_autonomousSysNum:
- saw_autonomousSysNum = 1;
- break;
+ continue;
default:
warnx("%s: depth %d: unknown extension: nid %d",
file, depth, nid);
- saw_unknown = 1;
- break;
+ return 0;
}
}
- if (verbose > 1)
- warnx("%s: depth %d, ipAddrBlock %d, autonomousSysNum %d",
- file, depth, saw_ipAddrBlock, saw_autonomousSysNum);
-
- /* Fail if we saw an unknown extension. */
- return !saw_unknown;
+ return 1;
}
/*
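Review bot: The new `return 0;` in the `default:` branch drops the only comment that stated the failure policy (the removed `/* Fail if we saw an unknown extension. */`), so a reader of the switch now has to infer from the warnx text why verification aborts at that point; suggest keeping a one-line comment directly above it, `/* An unknown extension fails verification outright. */`. The retained warning prints `nid %d`, and since `OBJ_obj2nid()` returns `NID_undef` (0) for any OID not in the object table, an extension that is genuinely unknown will most likely be reported as `nid 0`, which is hard to act on; printing the OID text with `OBJ_obj2txt()` would make the message useful, though whether that is worth it depends on the loop head, which is outside the hunk. The `continue` on the new side targets a loop whose header also lies before the hunk, and verify_cb's signature is only visible in the `@@` context, so the enclosing function starts outside what is shown. The first hunk is declarations only and needs no separate note.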