authorclaudio <claudio@openbsd.org>2021-04-01 08:29:10 +0000
committerclaudio <claudio@openbsd.org>2021-04-01 08:29:10 +0000
commit50aad25e032f942f262cef32046958988eb7ff95 (patch)
treee35c56eb7bfb335b3d8d295fc0959a9d44eb59ae
parentDo a better job at cleaning up. Remove empty directories, scan not only the (diff)
downloadwireguard-openbsd-50aad25e032f942f262cef32046958988eb7ff95.tar.xz
wireguard-openbsd-50aad25e032f942f262cef32046958988eb7ff95.zip
Make build_crls() behave like build_chain(). If there is no auth data,
just NULL the STACK_OF() pointer, since libcrypto calls can handle that. Update comments to be more accurate. With and OK tb@
Diffstat (limited to '')
-rw-r--r--usr.sbin/rpki-client/parser.c21
1 files changed, 12 insertions, 9 deletions
diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index b884249253d..7ba4221251f 100644
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.6 2021/03/02 09:00:46 claudio Exp $ */
+/* $OpenBSD: parser.c,v 1.7 2021/04/01 08:29:10 claudio Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -417,10 +417,9 @@ proc_parser_gbr(struct entity *entp, X509_STORE *store,
}
/*
- * Use the parent (id) to walk the tree to the root and
- * build a certificate chain from cert->x509. Do not include
- * the root node since this node should already be in the X509_STORE
- * as a trust anchor.
+ * Use the parent to walk the tree to the root and build a certificate
+ * chain from cert->x509. Do not include the root node since this node
+ * should already be in the X509_STORE as a trust anchor.
*/
static void
build_chain(const struct auth *a, STACK_OF(X509) **chain)
@@ -439,20 +438,24 @@ build_chain(const struct auth *a, STACK_OF(X509) **chain)
}
}
-/* use the parent (id) to walk the tree to the root and
- build a stack of CRLs */
+/*
+ * Add the CRL based on the certs SKI value.
+ * No need to insert any other CRL since those were already checked.
+ */
static void
build_crls(const struct auth *a, struct crl_tree *crlt,
STACK_OF(X509_CRL) **crls)
{
struct crl find, *found;
- if ((*crls = sk_X509_CRL_new_null()) == NULL)
- errx(1, "sk_X509_CRL_new_null");
+ *crls = NULL;
if (a == NULL)
return;
+ if ((*crls = sk_X509_CRL_new_null()) == NULL)
+ errx(1, "sk_X509_CRL_new_null");
+
find.aki = a->cert->ski;
found = RB_FIND(crl_tree, crlt, &find);
if (found && !sk_X509_CRL_push(*crls, found->x509_crl))
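Review bot: The new header comment on build_crls() does not say what the caller gets back, and that matters for revocation checking: `*crls` is NULL when `a == NULL`, but an allocated empty stack when RB_FIND() finds no CRL for `a->cert->ski`. Whether a missing CRL then fails closed depends on the caller's verification flags (for example X509_V_FLAG_CRL_CHECK), which are not visible in this hunk. I would add to the comment `* On return *crls is NULL (no auth), empty (no CRL for this SKI), or holds one CRL still owned by crlt; release it with sk_X509_CRL_free() only.`, because no reference is taken on `found->x509_crl` in the lines shown. The same comment should read "the cert's SKI value". The function body continues past the end of the hunk.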