From: Job Snijders
Subject: rpki-client: add thisUpdate in ManifestRef in CCR
To: tech@openbsd.org
Date: Mon, 15 Sep 2025 11:41:02 +0000
This adds the thisUpdate value from Manifest eContent payloads into the CCR/Erik protocol ManifestRef structure. This will be useful for debugging Erik protocol exchanges, but also allows me to generate Erik objects based on CCR data without having to open() any of the tens of thousands of underlying objects. The formal ASN.1 notation will also be updated along these lines: https://github.com/job/draft-rpki-erik-protocol/commit/f30b8a0913b0f955677e041c2a849ef505e524c5 I'll upload a -02 of the associated drafts after landing this. OK?
Index: ccr.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/ccr.c,v
diff -u -p -r1.11 ccr.c
--- ccr.c 14 Sep 2025 14:09:08 -0000 1.11
+++ ccr.c 15 Sep 2025 11:34:22 -0000
@@ -94,6 +94,7 @@ ASN1_SEQUENCE(ManifestRef) = {
 ASN1_SIMPLE(ManifestRef, size, ASN1_INTEGER),
 ASN1_SIMPLE(ManifestRef, aki, ASN1_OCTET_STRING),
 ASN1_SIMPLE(ManifestRef, manifestNumber, ASN1_INTEGER),
+ ASN1_SIMPLE(ManifestRef, thisUpdate, ASN1_GENERALIZEDTIME),
 ASN1_SEQUENCE_OF(ManifestRef, location, ACCESS_DESCRIPTION),
 } ASN1_SEQUENCE_END(ManifestRef);
@@ -278,6 +279,10 @@ append_cached_manifest(STACK_OF(Manifest
 asn1int_set_seqnum(mftref->manifestNumber, cm->seqnum);
+ if (ASN1_GENERALIZEDTIME_set(mftref->thisUpdate, cm->thisupdate)
+ == NULL)
+ errx(1, "ASN1_GENERALIZEDTIME_set");
+
 location_add_sia(mftref->location, cm->sia);
 if (sk_ManifestRef_push(mftrefs, mftref) <= 0)
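Review bot: The new `thisUpdate` member of the ManifestRef template in ccr.c is declared with `ASN1_SIMPLE`, so it is mandatory on the wire, and nothing in this hunk records the encoding change. A CCR written before this change carries `location` directly after `manifestNumber` and will fail to decode against this template; a reader built from the old template will reject new files in the same way. If that break is intended while the draft is still moving, a comment above the template would record it, for example `/* thisUpdate is mandatory; CCRs encoded without it do not decode */`. Whether the format carries a version discriminator elsewhere is not visible in this diff.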
@@ -939,6 +944,10 @@ parse_mft_refs(const char *fn, struct cc
 ref->manifestNumber);
 if (ccr_mft->seqnum == NULL)
 goto out;
+
+ if (!x509_get_generalized_time(fn, "ManifestRef thisUpdate",
+ ref->thisUpdate, &ccr_mft->thisupdate))
+ goto out;
 if (sk_ACCESS_DESCRIPTION_num(ref->location) != 1) {
 warnx("%s: unexpected number of locations", fn);
Index: print.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/print.c,v
diff -u -p -r1.68 print.c
--- print.c 14 Sep 2025 15:15:57 -0000 1.68
+++ print.c 15 Sep 2025 11:34:23 -0000
@@ -918,12 +918,14 @@ print_ccr_mftstate(struct ccr *ccr)
 json_do_uint("size", ccr_mft->size);
 json_do_string("aki", aki);
 json_do_string("seqnum", ccr_mft->seqnum);
+ json_do_int("thisupdate", ccr_mft->thisupdate);
 json_do_string("sia", ccr_mft->sia);
 json_do_end();
 } else {
- printf("%26shash:%s size:%zu aki:%s seqnum:%s sia:%s\n",
- "", hash, ccr_mft->size, aki, ccr_mft->seqnum,
- ccr_mft->sia);
+ printf("%26shash:%s size:%zu aki:%s seqnum:%s "
+ "thisupdate:%lld sia:%s\n", "", hash,
+ ccr_mft->size, aki, ccr_mft->seqnum,
+ ccr_mft->thisupdate, ccr_mft->sia);
 }
 free(aki);
Index: rpki-asn1.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rpki-asn1.h,v
diff -u -p -r1.6 rpki-asn1.h
--- rpki-asn1.h 14 Sep 2025 14:02:27 -0000 1.6
+++ rpki-asn1.h 15 Sep 2025 11:34:23 -0000
@@ -65,6 +65,7 @@ typedef struct {
 ASN1_INTEGER *size;
 ASN1_OCTET_STRING *aki;
 ASN1_INTEGER *manifestNumber;
+ ASN1_GENERALIZEDTIME *thisUpdate;
 STACK_OF(ACCESS_DESCRIPTION) *location;
 } ManifestRef;
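Review bot: In parse_mft_refs (ccr.c) the decoded `thisUpdate` goes straight into `ccr_mft->thisupdate`, with no check beyond whatever `x509_get_generalized_time()` performs, which presumably covers only the encoding. The commit message says the value will be used to build Erik objects without opening the manifests, so a consumer sees the time the CCR producer wrote rather than the one in the signed Manifest eContent. A comment at the call would make that trust boundary explicit, for example `/* thisUpdate is taken from the CCR as-is and is not compared with the Manifest eContent */`. The function starts and ends outside the hunk, so a later check may exist that is not shown here.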
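Review bot: In print_ccr_mftstate (print.c) `ccr_mft->thisupdate` is passed to `%lld` without a cast. Its declaration is not part of this diff, but the parse hunk fills it through `x509_get_generalized_time()`, which suggests a `time_t`. On a platform where `time_t` is not `long long` the argument would no longer match the conversion, which is undefined behaviour in `printf`. Passing `(long long)ccr_mft->thisupdate` keeps the format string portable.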