From: Job Snijders <job@bsd.nl>
Subject: Re: rpki-client: disallow superfluous encoding of AS0 in providers
To: Theo Buehler <tb@theobuehler.org>
Cc: tech@openbsd.org
Date: Sat, 7 Feb 2026 19:12:47 +0000

On Sat, Feb 07, 2026 at 01:49:10PM +0100, Theo Buehler wrote:
> On Sat, Feb 07, 2026 at 12:12:53PM +0000, Job Snijders wrote:
> > Implement this check:
> > 
> > https://author-tools.ietf.org/iddiff?url1=draft-ietf-sidrops-aspa-profile-21&url2=draft-ietf-sidrops-aspa-profile-22&difftype=--html
> 
> I think making me watch a video where you type out the three lines of
> interest would be even more convenient :)

Maybe next time! :)

> Your check doesn't implement "this check".

whelp! Thanks!

> Or, probably better, after the for loop:
> 
> 	if (aspa->num_providers > 1 && aspa->providers[0] == 0) {
> 		warnx(...);
> 		return 0;
> 	}
> 
> > +				warnx("%s: ASPA: invalid mixed AS 0 Provider",
> 
> I would have no clue what this warning is trying to tell me if I didn't
> already know.

alright, take #2

Index: aspa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/aspa.c,v
diff -u -p -r1.41 aspa.c
--- aspa.c	14 Nov 2025 08:30:22 -0000	1.41
+++ aspa.c	7 Feb 2026 19:10:06 -0000
@@ -104,6 +104,11 @@ aspa_parse_providers(const char *fn, str
 		aspa->providers[aspa->num_providers++] = provider;
 	}
 
+	if (aspa->num_providers > 1 && aspa->providers[0] == 0) {
+		warnx("%s: ASPA: invalid ProviderASSet", fn);
+		return 0;
+	}
+
 	return 1;
 }