author | Rob Austein <sra@hactrn.net> | 2009-07-04 22:34:50 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2009-07-04 22:34:50 +0000 |
commit | 90a2370c7c977c607ff2f0d50ccb12b1012f0360 (patch) | |
tree | a272440a33e854d9d3583d2e1d1c12e482a9af26 | |
parent | 9893aed036a090f3c0d88cb09232811a21cff40d (diff) |
Terminate erroneous connections even if they would have been
persistent, on the theory that non-persistent connections have fewer
failure modes and we don't care all that much about efficiency when
something bad is happening. Reexamine this decision later, as it
smells like a potential DoS vector.
svn path=/myrpki/myirbe.py; revision=2574
-rw-r--r-- | myrpki/myirbe.py | 10 | ||||
-rw-r--r-- | myrpki/run-daemons.sh | 15 | ||||
-rw-r--r-- | rpkid/rpki/https.py | 6 |
3 files changed, 22 insertions, 9 deletions
diff --git a/myrpki/myirbe.py b/myrpki/myirbe.py index 6198a5a6..a2837741 100644 --- a/myrpki/myirbe.py +++ b/myrpki/myirbe.py @@ -43,7 +43,7 @@ class caller(object): def __call__(self, cb, eb, pdus): def done(cms): - msg, xml = rpki.left_right.cms_msg.unwrap(cms, (self.server_ta, self.server_cert), pretty_print = True) + msg, xml = self.proto.cms_msg.unwrap(cms, (self.server_ta, self.server_cert), pretty_print = True) if self.debug: print "Reply:", xml cb(msg) @@ -192,12 +192,12 @@ call_rpkid = rpki.async.sync_wrapper(caller( url = "https://localhost:4404/left-right")) call_pubd = rpki.async.sync_wrapper(caller( - proto = rpki.left_right, + proto = rpki.publication, client_key = rpki.x509.RSA(PEM_file = bpki_pubd.dir + "/irbe_cli.key"), client_cert = rpki.x509.X509(PEM_file = bpki_pubd.dir + "/irbe_cli.cer"), server_ta = rpki.x509.X509(PEM_file = bpki_pubd.cer), server_cert = rpki.x509.X509(PEM_file = bpki_pubd.dir + "/pubd.cer"), - url = "https://localhost:4404/left-right")) + url = "https://localhost:4402/control")) rpkid_pdus = [ rpki.left_right.self_elt.make_pdu( action = "get", tag = "self", self_handle = my_handle), @@ -207,10 +207,12 @@ rpkid_pdus = [ rpki.left_right.repository_elt.make_pdu(action = "list", tag = "repository", self_handle = my_handle) ] pubd_pdus = [ - rpki.publication.client_elt.make_pdu( action = "get", client_handle = my_handle) ] + rpki.publication.client_elt.make_pdu( action = "get", tag = "client", client_handle = my_handle) ] call_rpkid(rpkid_pdus) +call_pubd(pubd_pdus) + def showcerts(): def showpem(label, b64, kind): diff --git a/myrpki/run-daemons.sh b/myrpki/run-daemons.sh index 0eb93c8e..325742b4 100644 --- a/myrpki/run-daemons.sh +++ b/myrpki/run-daemons.sh 
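Review bot: The endpoint `https://localhost:4402/control` is a literal in the `call_pubd` construction, so it has to be kept in step by hand with whatever port and path pubd actually listens on. The line it replaces, which still pointed at the left-right URL on port 4404, shows how easily a copied URL goes stale. If the script already reads a configuration file for its other settings (not visible in this hunk), the URL would be better taken from there. Otherwise a comment such as `# must match pubd's configured listener` would mark the dependency.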
@@ -10,10 +10,19 @@ then else - screen python ../rpkid/irdbd.py - screen python ../rpkid/rpkid.py - screen python ../rpkid/pubd.py + #screen python ../rpkid/irdbd.py + #screen python ../rpkid/rpkid.py + #screen python ../rpkid/pubd.py + python ../rpkid/irdbd.py & + python ../rpkid/rpkid.py & + python ../rpkid/pubd.py & + #if test -n "$*"; then sleep 5; "$@"; fi + # Apparently Control-C-ing out of this kills the daemons, which is + # what we want but was a surprise to me. Probably SIGHUP effect due + # to running under screen, or something like that. + wait + fi diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py index e27c353b..1a433fd5 100644 --- a/rpkid/rpki/https.py +++ b/rpkid/rpki/https.py @@ -46,10 +46,10 @@ rpki_content_type = "application/x-rpki" # ================================================================ # Chatter about TLS certificates -debug_tls_certs = False +debug_tls_certs = True # Verbose chatter about HTTP streams -debug = False +debug = True # Whether we want persistent HTTP streams, when peer also supports them want_persistent_client = True @@ -440,6 +440,8 @@ class http_server(http_stream): def send_message(self, code, reason = "OK", body = None): self.log("Sending response %s %s" % (code, reason)) + if code >= 400: + self.expect_close = True msg = http_response(code = code, reason = reason, body = body, Content_Type = rpki_content_type, Connection = "Close" if self.expect_close else "Keep-Alive") |
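Review bot: Daemon cleanup in the new `else` branch depends on a side effect that the added comment itself calls a surprise, and nothing in the script stops the three background `python` processes if the shell exits some other way. Recording each PID and installing a trap before `wait` would make the behaviour deliberate, e.g. `pids="$pids $!"` after each `&` line and `trap 'kill $pids 2>/dev/null' INT TERM EXIT`. The three commented-out `screen` lines and the commented-out `sleep 5` line are dead code that version control already preserves, so they could be dropped.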
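Review bot: `debug_tls_certs = True` and `debug = True` change module-level defaults in rpki/https.py, so every program that imports the module now emits the certificate and HTTP stream chatter. The commit message does not mention this, and it looks like a leftover from debugging. Verbose output of this kind adds log volume and may expose certificate and message details to anyone who can read the log. If the extra output is wanted only while testing, keep `debug_tls_certs = False` and `debug = False` here and switch them on from the caller or from configuration.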
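Review bot: The new `if code >= 400:` branch in `send_message` has no comment, and the reasoning for it (close on any error, accept the cost, revisit as a possible DoS vector) lives only in the commit message. Because `expect_close` is set just before the `Connection` header is chosen, the response announces the close correctly. However, a peer that keeps provoking error responses forces a fresh connection, and presumably a fresh TLS handshake, each time. A comment such as `# Errors always close, even on a persistent connection; revisit: forced reconnects cost a handshake each.` would keep that caveat next to the code. The rest of `send_message` lies outside the hunk.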