
From:
Theo Buehler <tb@theobuehler.org>
Subject:
rpki-client: print zero signtime
To:
tech@openbsd.org
Date:
Sun, 20 Jul 2025 14:26:31 +0200

This is a leftover from the time when we had to allow signtime to be
absent. cms_parse_validate_internal() has rejected signed objects
without signing-time since cms.c r1.43 (April 2024). The signed object
parsers all set it. If signtime happens to be 0, it is because the
signed object is weird. No reason to treat such an object specially at
this point in the code.

PS: the Manifest this/next update lines are longer than 80. I'll wrap
them in a follow-up.

Index: print.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/print.c,v
diff -u -p -r1.63 print.c
--- print.c	20 Jul 2025 12:00:49 -0000	1.63
+++ print.c	20 Jul 2025 12:05:27 -0000
@@ -461,8 +461,7 @@ mft_print(const struct cert *c, const st
 		json_do_string("aia", c->aia);
 		json_do_string("sia", c->signedobj);
 		json_do_string("manifest_number", p->seqnum);
-		if (p->signtime != 0)
-			json_do_int("signing_time", p->signtime);
+		json_do_int("signing_time", p->signtime);
 		json_do_int("valid_since", p->thisupdate);
 		json_do_int("valid_until", p->nextupdate);
 		if (p->expires)
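Review bot: Nothing in print.c records why signing_time can now be emitted unconditionally; per the commit message the guarantee lives in cms.c, so a reader of mft_print() sees a bare `json_do_int("signing_time", p->signtime);` with no hint that the parser rejects objects lacking the attribute. A one-line comment above the first call, e.g. `/* signtime is always set; cms_parse_validate_internal() rejects objects without signing-time */`, would keep that invariant visible, and the same applies to the text-mode printf and to the roa, spl, gbr, rsc, aspa, tak and geofeed printers in the later hunks. Because signing-time is taken from the signed object itself, a zero value will now show up as `"signing_time": 0` in JSON and presumably as an epoch date from time2str(), so consumers that tested for the key's presence deserve a mention in the man page or release notes. mft_print() starts and ends outside this hunk.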
@@ -474,9 +473,7 @@ mft_print(const struct cert *c, const st
 		printf("Authority info access:    %s\n", c->aia);
 		printf("Subject info access:      %s\n", c->signedobj);
 		printf("Manifest number:          %s\n", p->seqnum);
-		if (p->signtime != 0)
-			printf("Signing time:             %s\n",
-			    time2str(p->signtime));
+		printf("Signing time:             %s\n", time2str(p->signtime));
 		printf("Manifest this update:     %s\n", time2str(p->thisupdate));
 		printf("Manifest next update:     %s\n", time2str(p->nextupdate));
 		printf("Files and hashes:         ");
@@ -520,8 +517,7 @@ roa_print(const struct cert *c, const st
 		json_do_string("aki", c->aki);
 		json_do_string("aia", c->aia);
 		json_do_string("sia", c->signedobj);
-		if (p->signtime != 0)
-			json_do_int("signing_time", p->signtime);
+		json_do_int("signing_time", p->signtime);
 		json_do_int("valid_since", c->notbefore);
 		json_do_int("valid_until", c->notafter);
 		if (p->expires)
@@ -532,9 +528,7 @@ roa_print(const struct cert *c, const st
 		printf("Authority key identifier: %s\n", pretty_key_id(c->aki));
 		printf("Authority info access:    %s\n", c->aia);
 		printf("Subject info access:      %s\n", c->signedobj);
-		if (p->signtime != 0)
-			printf("Signing time:             %s\n",
-			    time2str(p->signtime));
+		printf("Signing time:             %s\n", time2str(p->signtime));
 		printf("ROA not before:           %s\n",
 		    time2str(c->notbefore));
 		printf("ROA not after:            %s\n", time2str(c->notafter));
@@ -576,8 +570,7 @@ spl_print(const struct cert *c, const st
 		json_do_string("aki", c->aki);
 		json_do_string("aia", c->aia);
 		json_do_string("sia", c->signedobj);
-		if (s->signtime != 0)
-			json_do_int("signing_time", s->signtime);
+		json_do_int("signing_time", s->signtime);
 		json_do_int("valid_since", c->notbefore);
 		json_do_int("valid_until", c->notafter);
 		if (s->expires)
@@ -589,9 +582,7 @@ spl_print(const struct cert *c, const st
 		printf("Authority key identifier: %s\n", pretty_key_id(c->aki));
 		printf("Authority info access:    %s\n", c->aia);
 		printf("Subject info access:      %s\n", c->signedobj);
-		if (s->signtime != 0)
-			printf("Signing time:             %s\n",
-			    time2str(s->signtime));
+		printf("Signing time:             %s\n", time2str(s->signtime));
 		printf("SPL not before:           %s\n",
 		    time2str(c->notbefore));
 		printf("SPL not after:            %s\n", time2str(c->notafter));
@@ -627,8 +618,7 @@ gbr_print(const struct cert *c, const st
 		json_do_string("aki", c->aki);
 		json_do_string("aia", c->aia);
 		json_do_string("sia", c->signedobj);
-		if (p->signtime != 0)
-			json_do_int("signing_time", p->signtime);
+		json_do_int("signing_time", p->signtime);
 		json_do_int("valid_since", c->notbefore);
 		json_do_int("valid_until", c->notafter);
 		if (p->expires)
@@ -640,9 +630,7 @@ gbr_print(const struct cert *c, const st
 		printf("Authority key identifier: %s\n", pretty_key_id(c->aki));
 		printf("Authority info access:    %s\n", c->aia);
 		printf("Subject info access:      %s\n", c->signedobj);
-		if (p->signtime != 0)
-			printf("Signing time:             %s\n",
-			    time2str(p->signtime));
+		printf("Signing time:             %s\n", time2str(p->signtime));
 		printf("GBR not before:           %s\n",
 		    time2str(c->notbefore));
 		printf("GBR not after:            %s\n", time2str(c->notafter));
@@ -662,8 +650,7 @@ rsc_print(const struct cert *c, const st
 		x509_print(c->x509);
 		json_do_string("aki", c->aki);
 		json_do_string("aia", c->aia);
-		if (p->signtime != 0)
-			json_do_int("signing_time", p->signtime);
+		json_do_int("signing_time", p->signtime);
 		json_do_int("valid_since", c->notbefore);
 		json_do_int("valid_until", c->notafter);
 		if (p->expires)
@@ -674,9 +661,7 @@ rsc_print(const struct cert *c, const st
 		printf("Authority key identifier: %s\n", pretty_key_id(c->aki));
 		x509_print(c->x509);
 		printf("Authority info access:    %s\n", c->aia);
-		if (p->signtime != 0)
-			printf("Signing time:             %s\n",
-			    time2str(p->signtime));
+		printf("Signing time:             %s\n", time2str(p->signtime));
 		printf("RSC not before:           %s\n",
 		    time2str(c->notbefore));
 		printf("RSC not after:            %s\n", time2str(c->notafter));
@@ -731,8 +716,7 @@ aspa_print(const struct cert *c, const s
 		json_do_string("aki", c->aki);
 		json_do_string("aia", c->aia);
 		json_do_string("sia", c->signedobj);
-		if (p->signtime != 0)
-			json_do_int("signing_time", p->signtime);
+		json_do_int("signing_time", p->signtime);
 		json_do_int("valid_since", c->notbefore);
 		json_do_int("valid_until", c->notafter);
 		if (p->expires)
@@ -745,9 +729,7 @@ aspa_print(const struct cert *c, const s
 		printf("Authority key identifier: %s\n", pretty_key_id(c->aki));
 		printf("Authority info access:    %s\n", c->aia);
 		printf("Subject info access:      %s\n", c->signedobj);
-		if (p->signtime != 0)
-			printf("Signing time:             %s\n",
-			    time2str(p->signtime));
+		printf("Signing time:             %s\n", time2str(p->signtime));
 		printf("ASPA not before:          %s\n",
 		    time2str(c->notbefore));
 		printf("ASPA not after:           %s\n", time2str(c->notafter));
@@ -820,8 +802,7 @@ tak_print(const struct cert *c, const st
 		json_do_string("aki", c->aki);
 		json_do_string("aia", c->aia);
 		json_do_string("sia", c->signedobj);
-		if (p->signtime != 0)
-			json_do_int("signing_time", p->signtime);
+		json_do_int("signing_time", p->signtime);
 		json_do_int("valid_since", c->notbefore);
 		json_do_int("valid_until", c->notafter);
 		if (p->expires)
@@ -833,9 +814,7 @@ tak_print(const struct cert *c, const st
 		printf("Authority key identifier: %s\n", pretty_key_id(c->aki));
 		printf("Authority info access:    %s\n", c->aia);
 		printf("Subject info access:      %s\n", c->signedobj);
-		if (p->signtime != 0)
-			printf("Signing time:             %s\n",
-			    time2str(p->signtime));
+		printf("Signing time:             %s\n", time2str(p->signtime));
 		printf("TAK not before:           %s\n",
 		    time2str(c->notbefore));
 		printf("TAK not after:            %s\n", time2str(c->notafter));
@@ -863,8 +842,7 @@ geofeed_print(const struct cert *c, cons
 		x509_print(c->x509);
 		json_do_string("aki", c->aki);
 		json_do_string("aia", c->aia);
-		if (p->signtime != 0)
-			json_do_int("signing_time", p->signtime);
+		json_do_int("signing_time", p->signtime);
 		json_do_int("valid_since", c->notbefore);
 		json_do_int("valid_until", c->notafter);
 		if (p->expires)
@@ -875,9 +853,7 @@ geofeed_print(const struct cert *c, cons
 		x509_print(c->x509);
 		printf("Authority key identifier: %s\n", pretty_key_id(c->aki));
 		printf("Authority info access:    %s\n", c->aia);
-		if (p->signtime != 0)
-			printf("Signing time:             %s\n",
-			    time2str(p->signtime));
+		printf("Signing time:             %s\n", time2str(p->signtime));
 		printf("Geofeed not before:       %s\n",
 		    time2str(c->notbefore));
 		printf("Geofeed not after:        %s\n", time2str(c->notafter));