On Wed, Jun 05, 2024 at 11:55:02AM +0200, Theo Buehler wrote:
> krill is very dormant these days and even if they fix that soon, it will
> take years until the ecosystem has moved on to deploying the fixed
> version. The noise from this warning is distracting, so I suggest to
> increase the verbosity level required or to remove it entirely (but
> then we might forget).
> 
> Index: crl.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
> diff -u -p -r1.36 crl.c
> --- crl.c	31 May 2024 02:45:15 -0000	1.36
> +++ crl.c	5 Jun 2024 09:47:43 -0000
> @@ -132,7 +132,7 @@ crl_check_revoked(const char *fn, X509_C
>  		 * to a bug in rpki-rs/Krill. So silently accept this for now.
>  		 * https://github.com/NLnetLabs/krill/issues/1197
>  		 */
> -		if (verbose > 0)
> +		if (verbose > 1)
>  			warnx("%s: RFC 5280, section 5.1.2.6: revoked "
>  			    "certificate list without entries disallowed", fn);
>  		return 1;
> 

Fine with me. OK claudio@

-- 
:wq Claudio