Allow multiple X.509 locations

While currently everyone only uses a single location, the spec allows for multiple locations ordered by preference. While rpki-client does not support more than one location this should not be a fatal error. Instead, pick the first location and warn if there are more than one. ok job
2025-01-10 06:47:55 -08:00 · 2022-09-03 13:06:15 +00:00 · 2022-09-03 13:06:15 +00:00 · 4c866cd6bc
commit 4c866cd6bc
parent bc1fb2e98a
1 changed files with 7 additions and 7 deletions
--- a/usr.sbin/rpki-client/x509.c
+++ b/usr.sbin/rpki-client/x509.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: x509.c,v 1.48 2022/08/30 18:56:49 job Exp $ */
+/*	$OpenBSD: x509.c,v 1.49 2022/09/03 13:06:15 tb Exp $ */
 /*
 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@ -549,12 +549,6 @@ x509_location(const char *fn, const char *descr, const char *proto,
 {
 	ASN1_IA5STRING	*uri;

-	if (*out != NULL) {
-		warnx("%s: RFC 6487 section 4.8: %s already specified", fn,
-		    descr);
-		return 0;
-	}
-
 	if (location->type != GEN_URI) {
 		warnx("%s: RFC 6487 section 4.8: %s not URI", fn, descr);
 		return 0;
@ -567,6 +561,12 @@ x509_location(const char *fn, const char *descr, const char *proto,
 		return 0;
 	}

+	if (*out != NULL) {
+		warnx("%s: RFC 6487 section 4.8: multiple %s specified, "
+		    "using the first one", fn, descr);
+		return 1;
+	}
+
 	if ((*out = strndup(uri->data, uri->length)) == NULL)
 		err(1, NULL);