-rw-r--r-- | rcynic/README | 8 | ||||
-rw-r--r-- | rcynic/rcynic.c | 10 |
2 files changed, 13 insertions, 5 deletions
diff --git a/rcynic/README b/rcynic/README index 3367f9af..27a2e455 100644 --- a/rcynic/README +++ b/rcynic/README @@ -266,7 +266,7 @@ trust-anchor-uri-with-key that order, separated by whitespace. No default. -indirect-trust-anchor +trust-anchor-locator Specify one RPKI trust anchor, represented as a local file containing an rsync URI and the RSA public key of the X.509 object specified @@ -275,6 +275,12 @@ indirect-trust-anchor encoded DER format. Value of this option is the pathname of the file. No default. +indirect-trust-anchor + An old name for trust-anchor-locator, kept for + backwards compatability. See description of + trust-anchor-locator. The name was changed + to keep members of the IETF SIDR WG happy. + trust-anchor-uri-with-key and indirect-trust-anchor are semantically identical, the difference is just how the URI and public key are stored. diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c index b78e2410..ee038b09 100644 --- a/rcynic/rcynic.c +++ b/rcynic/rcynic.c @@ -3119,7 +3119,8 @@ int main(int argc, char *argv[]) } if (!name_cmp(val->name, "trust-anchor-uri-with-key") || - !name_cmp(val->name, "indirect-trust-anchor")) { + !name_cmp(val->name, "indirect-trust-anchor") || + !name_cmp(val->name, "trust-anchor-locator")) { /* * Newfangled URI + public key method. Two different versions * of essentially the same mechanism. @@ -3128,7 +3129,8 @@ int main(int argc, char *argv[]) * other xyz_cmp() function in the entire OpenSSL library. * Go figure. */ - int unified = !name_cmp(val->name, "indirect-trust-anchor"); + int unified = (!name_cmp(val->name, "indirect-trust-anchor") || + !name_cmp(val->name, "trust-anchor-locator")); EVP_PKEY *pkey = NULL, *xpkey = NULL; char *fn; if (unified) { 
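Review bot: The list of option names that select the file-based form is now written out twice in main(), once in the `if` condition and again in the `unified` initialiser, so the two can drift the next time an alias is added or the old name is retired. Because this option decides which public key rcynic will trust, a name accepted by the outer test but missing from `unified` would silently be parsed as the inline URI-plus-key form. Declaring `unified` before the test and writing the condition as `if (unified || !name_cmp(val->name, "trust-anchor-uri-with-key")) {` would keep a single list. The block comment that still says "Two different versions" could also note the alias, for example `/* "indirect-trust-anchor" is the old name of "trust-anchor-locator"; both take a file path. */`. main() starts and ends outside these hunks.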
@@ -3173,12 +3175,12 @@ int main(int argc, char *argv[])
 if ((x = read_cert(path1, NULL, 0)) == NULL)
 logmsg(&rc, log_data_err, "Couldn't read trust anchor %s", path1);
 if (x && (xpkey = X509_get_pubkey(x)) == NULL)
- logmsg(&rc, log_data_err, "Rejected %s because couldn't read public key from indirect trust anchor", uri);
+ logmsg(&rc, log_data_err, "Rejected %s because couldn't read public key from trust anchor locator", uri);
 j = (xpkey && EVP_PKEY_cmp(pkey, xpkey) == 1);
 EVP_PKEY_free(pkey);
 EVP_PKEY_free(xpkey);
 if (!j) {
- logmsg(&rc, log_data_err, "Rejected %s because known public key didn't match indirect trust anchor", uri);
+ logmsg(&rc, log_data_err, "Rejected %s because known public key didn't match trust anchor locator", uri);
 X509_free(x);
 continue;
 } |
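Review bot: The reworded "known public key didn't match trust anchor locator" message is still logged when no comparison took place: if read_cert() returns NULL, or X509_get_pubkey() fails, `xpkey` stays NULL, `j` is 0, and the `if (!j)` branch reports a key mismatch on top of the earlier read error. A real key mismatch on a trust anchor is something an operator should investigate, so it should not share a log line with a plain fetch or parse failure. Recording `int have_key = (xpkey != NULL);` before the two EVP_PKEY_free() calls and logging the mismatch only `if (have_key)` would separate the cases while still freeing `x` and continuing. If this path is also reached for trust-anchor-uri-with-key, which the hunk does not show, the new "trust anchor locator" wording would mislabel that form as well. The enclosing loop body starts and ends outside the hunk.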