trace: error:02001002:system library:fopen:No such file or directory

[robert-scheck]

The errors spewn by OpenSSL feel like a bug or a not cached error or a race condition…

# rpki-client -e rsync -v tals/*.tal
rpki-client: rpki.afrinic.net/repository: loading
rpki-client: rpki.apnic.net/repository: loading
rpki-client: repository.lacnic.net/rpki: loading
rpki-client: rpki.ripe.net/ta: loading
The RIPE NCC Certification Repository is subject to Terms and Conditions
See http://www.ripe.net/lir-services/ncc/legal/certification/repository-tc

rpki-client: /var/cache/rpki-client/rpki.ripe.net/ta: loaded
rpki-client: rpki.ripe.net/repository: loading
The RIPE NCC Certification Repository is subject to Terms and Conditions
See http://www.ripe.net/lir-services/ncc/legal/certification/repository-tc

rpki-client: /var/cache/rpki-client/rpki.afrinic.net/repository: loaded
rpki-client: /var/cache/rpki-client/rpki.apnic.net/repository: loaded
rpki-client: rpki.apnic.net/member_repository: loading
rpki-client: rpkica.twnic.tw/rpki: loading
rpki-client: rpki-repository.nic.ad.jp/ap: loading
rpki-client: rpki.cnnic.cn/rpki: loading
rpki-client: /var/cache/rpki-client/rpki-repository.nic.ad.jp/ap: loaded
rpki-client: /var/cache/rpki-client/rpkica.twnic.tw/rpki: loaded
rpki-client: period stats: 4 pending repos
rpki-client: period stats: 1390 pending entries
rpki-client: /var/cache/rpki-client/rpki.ripe.net/repository: loaded
rpki-client: ca.rg.net/rpki: loading
rpki-client: /var/cache/rpki-client/ca.rg.net/rpki: loaded
rpki-client: /var/cache/rpki-client/rpki.cnnic.cn/rpki: loaded
rpki-client: /var/cache/rpki-client/rpki.apnic.net/member_repository: loaded
rpki-client: /var/cache/rpki-client/repository.lacnic.net/rpki: loaded
rpki-client:  ...trace: error:02001002:system library:fopen:No such file or directory
rpki-client:  ...trace: error:2006D080:BIO routines:BIO_new_file:no such file
rpki-client: /var/cache/rpki-client/ca.rg.net/rpki/RGnet/WWz_C2qLO_yVk8-8glRCLHuz7Fw.mft: BIO_new_file
rpki-client: read: short read: 6 remain
rpki-client: read: short read: 2 remain
rpki-client: all files parsed: exiting
[…]
rpki-client: Route origins: 15933 (0 failed parse, 0 invalid)
rpki-client: Certificates: 11598 (0 failed parse, 0 invalid)
rpki-client: Trust anchor locators: 4
rpki-client: Manifests: 11598 (1 failed parse, 0 stale)
rpki-client: Certificate revocation lists: 23191
rpki-client: Repositories: 10
rpki-client: Routes: 82702 (82043 unique)
# 

That's rpki-client 0.2.0 with openssl-1.1.1b-5.fc29.x86_64 here.

[job]

This is not a bug in rpki-client, this is a problem in RIPE NCC's RPKI repository where it delegates to RG. Once RIPE & RG fix their publication, these traces will disappear.

I'm inclined to close this, unless I misunderstood your request.

[robert-scheck]

So the raw errors

rpki-client:  ...trace: error:02001002:system library:fopen:No such file or directory
rpki-client:  ...trace: error:2006D080:BIO routines:BIO_new_file:no such file

are intended? I would have simply expected something more admin-friendly.

[job]

Ah! Now I understand what you mean. I'll check with the developers.

[kristapsdz]

Thanks for the report---I'm looking into it!

[kristapsdz]

These warnings are fine! They're simply reporting that the MFT file was specified, but not found. It's common (apparently) for repositories to be in flux and internally inconsistent. (The "short read" is also fine: it's just a debugging message.) If a fatal error occurs, the system will exit.

You can actually see in the epilogue that an MFT file failed parsing.

Job, can you propose a change in the error-reporting language that makes this less scary to folks?

[robert-scheck]

As per 0.3.0 these scary error messages still exist, while other errors (e.g. "mft expired on Feb 18 10:00:00 2020 GMT", "certificate has expired", "RFC 3779 resource not subset of parent's resources") got pretty nice error messages.

[kristapsdz]

The last checkin makes these error messages nicer.