From: Claudio Jeker
Subject: Re: rpki-client: normalize nid printing
To: Theo Buehler
Cc: tech@openbsd.org
Date: Thu, 1 Feb 2024 14:07:04 +0100

On Thu, Feb 01, 2024 at 01:04:35PM +0100, Theo Buehler wrote:
> job ran into an issue yesterday, where the organizationName attribute's
> short name was "O", easy to misread as a zero. Another issue with using
> OBJ_nid2{ln,sn}() is that they can return NULL, which should not be
> printed directly.
>
> The OID database is very inconsistent. Some OIDs have only an SN, others
> only an LN, long and short don't really mean anything in particular, but
> generally speaking the long name tends to be more human readable than
> the short name.
>
> So add a helper that prefers the long name over the short name and
> always prints the nid. The buffer is long because long names can be long:
> we have: "GOST R 34.11-2012 with GOST R 34.10-2012 (512 bit)"
> OpenSSL 3: "X509v3 Attribute Authority Issuing Distribution Point".

Why are those APIs so unusable?

Diff is OK claudio@

One minor comment:

> char * > +nid2str(int nid) > +{ > + static char buf[128]; > + const char *name; > + > + if ((name = OBJ_nid2ln(nid)) == NULL) > + name = OBJ_nid2sn(nid); > + if (name == NULL) > + name = "unknown"; > + > + snprintf(buf, sizeof(buf), "%s (nid: %d)", name, nid);

Would it make sense to reverse this string as in "nid %d (%s)", nid, name?
In case OpenSSL adds an even longer long name it would truncate the string
but still show the NID number.

> + > + return buf; > +}

-- 
:wq Claudio
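
Review bot: the `static char buf[128]` that nid2str() returns via `return buf;` is shared by every call, so a caller that passes two nid2str() results to one format call gets the same string printed twice, and the result is only valid until the next call. A one-line comment above the function stating that contract would help; alternatively let the caller supply the buffer. The return value of `snprintf(buf, sizeof(buf), ...)` is also ignored, so a name that does not fit in 128 bytes is cut off silently; checking for a result >= sizeof(buf) would make that case visible.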