Download raw body.
rpki-client: rename cert_parse() to cert_parse_filemode()
Now that we have more specialized cert parser functions, cert_parse()
should no longer be used in normal mode. Rename it to indicate its
purpose more clearly.
I'm a bit undecided if we should to keep the der == NULL shortcut or if
we should rather fix up test-cert.c. I kept it to avoid a trap since it
matches the behavior of the other cert_parse_foo() (cert_parse_ee_cert()
is special anyway).
Index: usr.sbin/rpki-client/cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
diff -u -p -r1.223 cert.c
--- usr.sbin/rpki-client/cert.c 29 Jan 2026 09:52:41 -0000 1.223
+++ usr.sbin/rpki-client/cert.c 3 Feb 2026 12:05:08 -0000
@@ -1951,16 +1951,16 @@ cert_parse_ca_or_brk(const char *fn, con
}
/*
- * Parse and partially validate an RPKI X509 certificate (either a trust
- * anchor or a certificate) as defined in RFC 6487.
+ * Parse and partially validate an RPKI X.509 certificate as defined in RFC 6487
+ * from its DER encoding. This is intended to be used only from filemode.
* Returns the parse results or NULL on failure.
*/
struct cert *
-cert_parse(const char *fn, const unsigned char *der, size_t len)
+cert_parse_filemode(const char *fn, const unsigned char *der, size_t len)
{
struct cert *cert = NULL;
- /* just fail for empty buffers, the warning was printed elsewhere */
+ /* Handle possible load_file() failure in regress. */
if (der == NULL)
return NULL;
Index: usr.sbin/rpki-client/extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
diff -u -p -r1.276 extern.h
--- usr.sbin/rpki-client/extern.h 28 Jan 2026 08:28:34 -0000 1.276
+++ usr.sbin/rpki-client/extern.h 3 Feb 2026 11:57:55 -0000
@@ -719,7 +719,8 @@ struct cert *cert_parse_ca_or_brk(const
struct cert *cert_parse_ee_cert(const char *, int, X509 *);
struct cert *cert_parse_ta(const char *, const unsigned char *, size_t,
const unsigned char *, size_t);
-struct cert *cert_parse(const char *, const unsigned char *, size_t);
+struct cert *cert_parse_filemode(const char *, const unsigned char *,
+ size_t);
struct cert *ta_validate(const char *, struct cert *, const unsigned char *,
size_t);
struct cert *cert_read(struct ibuf *);
Index: usr.sbin/rpki-client/filemode.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/filemode.c,v
diff -u -p -r1.80 filemode.c
--- usr.sbin/rpki-client/filemode.c 28 Jan 2026 08:28:34 -0000 1.80
+++ usr.sbin/rpki-client/filemode.c 3 Feb 2026 11:57:55 -0000
@@ -152,7 +152,7 @@ parse_load_cert(char *uri)
goto done;
}
- cert = cert_parse(uri, f, flen);
+ cert = cert_parse_filemode(uri, f, flen);
free(f);
if (cert == NULL)
@@ -511,7 +511,7 @@ proc_parser_file(char *file, unsigned ch
ccr_print(ccr);
break;
case RTYPE_CER:
- cert = cert_parse(file, buf, len);
+ cert = cert_parse_filemode(file, buf, len);
if (cert == NULL)
break;
is_ta = (cert->purpose == CERT_PURPOSE_TA);
Index: regress/usr.sbin/rpki-client/test-cert.c
===================================================================
RCS file: /cvs/src/regress/usr.sbin/rpki-client/test-cert.c,v
diff -u -p -r1.29 test-cert.c
--- regress/usr.sbin/rpki-client/test-cert.c 28 Jan 2026 08:29:19 -0000 1.29
+++ regress/usr.sbin/rpki-client/test-cert.c 3 Feb 2026 12:06:49 -0000
@@ -81,7 +81,7 @@ main(int argc, char *argv[])
break;
buf = load_file(cert_path, &len);
- p = cert_parse(cert_path, buf, len);
+ p = cert_parse_filemode(cert_path, buf, len);
free(buf);
if (p == NULL)
break;
@@ -100,7 +100,7 @@ main(int argc, char *argv[])
size_t len;
buf = load_file(argv[i], &len);
- p = cert_parse(argv[i], buf, len);
+ p = cert_parse_filemode(argv[i], buf, len);
free(buf);
if (p == NULL)
break;
rpki-client: rename cert_parse() to cert_parse_filemode()