author | Rob Austein <sra@hactrn.net> | 2014-11-16 06:23:45 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2014-11-16 06:23:45 +0000 |
commit | 234971a981c893854254f8319fdacb4c84924f16 (patch) | |
tree | 1dee491a2b3eac6ab40a9681188795ad511d656e | |
parent | e816cdfd4cd069134c9a5c599a662131a8663149 (diff) |
Now working against Tim's RRDP repository (really, was working a few
days ago, but forgot to check in changes at the time).
svn path=/branches/tk705/; revision=6024
-rwxr-xr-x | potpourri/rrdp-fetch-from-tal | 13 | ||||
-rw-r--r-- | rp/rcynic/rcynic.c | 4 |
2 files changed, 13 insertions, 4 deletions
diff --git a/potpourri/rrdp-fetch-from-tal b/potpourri/rrdp-fetch-from-tal
index db4c0270..0a97955e 100755
--- a/potpourri/rrdp-fetch-from-tal
+++ b/potpourri/rrdp-fetch-from-tal
@@ -58,6 +58,7 @@ class main(object):
 if url is None:
 sys.exit("Couldn't get RRDP URI from trust anchor")
 self.rrdp_fetch(url)
+ self.write_ta()
 def rrdp_fetch(self, url):
 if url in self.urls:
@@ -135,7 +136,7 @@ class main(object):
 def del_obj(self, uri, hash):
 fn = self.uri_to_filename(uri)
 with open(fn, "rb") as f:
- if hash != rpki.x509.sha256(f.read()).encode("hex"):
+ if hash.lower() != rpki.x509.sha256(f.read()).encode("hex"):
 raise RuntimeError("Hash mismatch for URI %s" % uri)
 os.unlink(fn)
 dn = os.path.dirname(fn)
@@ -149,7 +150,7 @@ class main(object):
 def xml_fetch(self, elt):
 url = elt.get("uri")
- hash = elt.get("hash")
+ hash = elt.get("hash").lower()
 print "Fetching", url
 text = urllib2.urlopen(url).read()
 h = rpki.x509.sha256(text).encode("hex")
@@ -190,5 +191,13 @@ class main(object):
 self.add_obj(elt.get("uri"), elt.text.decode("base64"))
 self.set_serial(new_serial)
+ def write_ta(self):
+ der = self.ta.get_DER()
+ fn = rpki.x509.sha256(der).encode("hex") + ".cer"
+ if not os.path.exists(fn):
+ print "Writing", fn
+ with open(fn, "wb") as f:
+ f.write(der)
+
 if __name__ == "__main__":
 main()
diff --git a/rp/rcynic/rcynic.c b/rp/rcynic/rcynic.c
index c5b82266..a6f80890 100644
--- a/rp/rcynic/rcynic.c
+++ b/rp/rcynic/rcynic.c
@@ -3188,7 +3188,7 @@ static int extract_access_uri(rcynic_ctx_t *rc,
 if (OBJ_obj2nid(a->method) != nid)
 continue;
 ++*count;
- if (!relevant((char *) a->location->d.uniformResourceIdentifier->data))
+ if (relevant && !relevant((char *) a->location->d.uniformResourceIdentifier->data))
 continue;
 if (sizeof(result->s) <= a->location->d.uniformResourceIdentifier->length)
 log_validation_status(rc, uri, uri_too_long, generation);
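Review bot: `elt.get("hash").lower()` in xml_fetch raises AttributeError when the element has no hash attribute, because `get` then returns None; `hash.lower()` in del_obj fails the same way if its caller hands through a missing attribute (that caller is outside the hunk). These values appear to come from XML supplied by the remote repository, so a missing attribute is better rejected explicitly than left to an unhandled traceback, for example `if hash is None: raise RuntimeError("Missing hash for URI %s" % uri)` ahead of the comparison in del_obj and an equivalent check in xml_fetch. Doing the case normalisation in one small helper used by both methods would keep the two comparisons from drifting apart. Both method bodies continue outside their hunks.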
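Review bot: write_ta skips the write whenever a file with the hash-derived name already exists, but the write itself is not atomic, so a run interrupted inside `f.write(der)` can leave a truncated `.cer` that later runs will never rewrite. Writing to a temporary name and renaming closes that gap: `tmp = fn + ".tmp"`, write `der` to `tmp`, then `os.rename(tmp, fn)`. The file name is relative, so the certificate lands in whatever the working directory happens to be. A docstring stating that the trust anchor is saved as the SHA-256 of its DER plus `.cer` in the working directory, and which tool is expected to read it, would make that intent visible.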
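Review bot: `relevant` becomes an optional callback in extract_access_uri, but nothing in the visible lines says what a NULL value means. A comment on the test such as `/* relevant == NULL: accept every URI for this access method, whatever its scheme */` would make the contract explicit for future callers. The function's header and the rest of the loop are outside the hunk, so any existing header comment describing the parameter should be updated to match.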
@@ -3705,7 +3705,7 @@ static int check_x509(rcynic_ctx_t *rc,
 int n_caIssuers = 0;
 ex_count--;
 if (!extract_access_uri(rc, uri, generation, aia, NID_ad_ca_issuers,
- &certinfo->aia, &n_caIssuers, is_rsync) ||
+ &certinfo->aia, &n_caIssuers, NULL) ||
 !certinfo->aia.s[0] ||
 sk_ACCESS_DESCRIPTION_num(aia) != n_caIssuers) {
 log_validation_status(rc, uri, malformed_aia_extension, generation); |
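Review bot: Passing `NULL` in place of `is_rsync` means `certinfo->aia` can now hold a caIssuers URI of any scheme, taken straight from the certificate being validated. The remaining tests in this condition only require a non-empty string and a matching count, so any later code that assumes `certinfo->aia` is an rsync URI needs to be checked against non-rsync values; that code is outside the hunk. If only particular schemes are meant to be accepted, a dedicated predicate would be tighter than `NULL`. Either way, a comment next to the `NULL` argument should record why the scheme filter was dropped for AIA; the commit message points at RRDP interoperability, but the code does not say so.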