From: Claudio Jeker
Subject: Re: rpki-client: rename cert_parse() to cert_parse_filemode()
To: Theo Buehler
Cc: tech@openbsd.org
Date: Tue, 3 Feb 2026 13:43:27 +0100
On Tue, Feb 03, 2026 at 01:28:44PM +0100, Theo Buehler wrote:
> Now that we have more specialized cert parser functions, cert_parse()
> should no longer be used in normal mode. Rename it to indicate its
> purpose more clearly.
>
> I'm a bit undecided if we should to keep the der == NULL shortcut or if
> we should rather fix up test-cert.c. I kept it to avoid a trap since it
> matches the behavior of the other cert_parse_foo() (cert_parse_ee_cert()
> is special anyway).
OK claudio@ If you want to remove the der == NULL check we can move that into the test-cert.c code quite easily. I'm happy either way. Having less NULL magic in functions is normally good (apart from all the free functions).
> Index: usr.sbin/rpki-client/cert.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
> diff -u -p -r1.223 cert.c
> --- usr.sbin/rpki-client/cert.c 29 Jan 2026 09:52:41 -0000 1.223
> +++ usr.sbin/rpki-client/cert.c 3 Feb 2026 12:05:08 -0000
> @@ -1951,16 +1951,16 @@ cert_parse_ca_or_brk(const char *fn, con
> }
>
> /*
> - * Parse and partially validate an RPKI X509 certificate (either a trust
> - * anchor or a certificate) as defined in RFC 6487.
> + * Parse and partially validate an RPKI X.509 certificate as defined in RFC 6487
> + * from its DER encoding. This is intended to be used only from filemode.
> * Returns the parse results or NULL on failure.
> */
> struct cert *
> -cert_parse(const char *fn, const unsigned char *der, size_t len)
> +cert_parse_filemode(const char *fn, const unsigned char *der, size_t len)
> {
> struct cert *cert = NULL;
>
> - /* just fail for empty buffers, the warning was printed elsewhere */
> + /* Handle possible load_file() failure in regress. */
> if (der == NULL)
> return NULL;
>
> Index: usr.sbin/rpki-client/extern.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
> diff -u -p -r1.276 extern.h
> --- usr.sbin/rpki-client/extern.h 28 Jan 2026 08:28:34 -0000 1.276
> +++ usr.sbin/rpki-client/extern.h 3 Feb 2026 11:57:55 -0000
> @@ -719,7 +719,8 @@ struct cert *cert_parse_ca_or_brk(const
> struct cert *cert_parse_ee_cert(const char *, int, X509 *);
> struct cert *cert_parse_ta(const char *, const unsigned char *, size_t,
> const unsigned char *, size_t);
> -struct cert *cert_parse(const char *, const unsigned char *, size_t);
> +struct cert *cert_parse_filemode(const char *, const unsigned char *,
> + size_t);
> struct cert *ta_validate(const char *, struct cert *, const unsigned char *,
> size_t);
> struct cert *cert_read(struct ibuf *);
> Index: usr.sbin/rpki-client/filemode.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/filemode.c,v
> diff -u -p -r1.80 filemode.c
> --- usr.sbin/rpki-client/filemode.c 28 Jan 2026 08:28:34 -0000 1.80
> +++ usr.sbin/rpki-client/filemode.c 3 Feb 2026 11:57:55 -0000
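Review bot: In cert.c the new header comment for cert_parse_filemode() says it is "intended to be used only from filemode", but the test-cert.c hunks in this same patch call it from regress, and the rewritten NULL-check comment inside the function mentions regress too. The header would be more accurate, and more useful to someone picking a parser, if it named both callers and pointed normal-mode code at the specialised functions declared in extern.h, for example `* Only for filemode and regress; normal mode uses cert_parse_ta(), cert_parse_ca_or_brk() or cert_parse_ee_cert().` (that normal mode uses those three is inferred from the commit message and the extern.h context lines). It would also help to state which validation a filemode parse leaves to its caller, since a certificate returned here has presumably not gone through the same checks as one parsed in normal mode. The function body continues past the end of the hunk.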
> @@ -152,7 +152,7 @@ parse_load_cert(char *uri)
> goto done;
> }
>
> - cert = cert_parse(uri, f, flen);
> + cert = cert_parse_filemode(uri, f, flen);
> free(f);
>
> if (cert == NULL)
> @@ -511,7 +511,7 @@ proc_parser_file(char *file, unsigned ch
> ccr_print(ccr);
> break;
> case RTYPE_CER:
> - cert = cert_parse(file, buf, len);
> + cert = cert_parse_filemode(file, buf, len);
> if (cert == NULL)
> break;
> is_ta = (cert->purpose == CERT_PURPOSE_TA);
> Index: regress/usr.sbin/rpki-client/test-cert.c
> ===================================================================
> RCS file: /cvs/src/regress/usr.sbin/rpki-client/test-cert.c,v
> diff -u -p -r1.29 test-cert.c
> --- regress/usr.sbin/rpki-client/test-cert.c 28 Jan 2026 08:29:19 -0000 1.29
> +++ regress/usr.sbin/rpki-client/test-cert.c 3 Feb 2026 12:06:49 -0000
> @@ -81,7 +81,7 @@ main(int argc, char *argv[])
> break;
>
> buf = load_file(cert_path, &len);
> - p = cert_parse(cert_path, buf, len);
> + p = cert_parse_filemode(cert_path, buf, len);
> free(buf);
> if (p == NULL)
> break;
> @@ -100,7 +100,7 @@ main(int argc, char *argv[])
> size_t len;
>
> buf = load_file(argv[i], &len);
> - p = cert_parse(argv[i], buf, len);
> + p = cert_parse_filemode(argv[i], buf, len);
> free(buf);
> if (p == NULL)
> break;
> -- :wq Claudio