authorRob Austein <sra@hactrn.net>2015-11-29 23:38:36 +0000
committerRob Austein <sra@hactrn.net>2015-11-29 23:38:36 +0000
commit9bd9128b2ff3a6fe02fec0430a7f39d4bbe1d137 (patch)
tree097e4768cf6f2f0ceaaaf2cff43d9c094d9e6476
parent60c104039e9b71b897b00790fee0dbe4678b37de (diff)
Fix confused handling of staleness flags.
svn path=/branches/tk705/; revision=6207
-rw-r--r--ext/POW.c29
-rwxr-xr-xrp/rcynic/rcynicng26
2 files changed, 15 insertions, 40 deletions
diff --git a/ext/POW.c b/ext/POW.c
index 04cf0d01..50844afa 100644
--- a/ext/POW.c
+++ b/ext/POW.c
@@ -320,12 +320,7 @@ static const ASN1_INTEGER *asn1_zero, *asn1_four_octets, *asn1_twenty_octets;
*/
static const int
- allow_stale_crl = 1,
- allow_stale_manifest = 1,
- allow_digest_mismatch = 1,
- allow_crl_digest_mismatch = 1,
allow_nonconformant_name = 1,
- allow_ee_without_signedObject = 1,
allow_1024_bit_ee_key = 1,
allow_wrong_cms_si_attributes = 1,
allow_non_self_signed_trust_anchor = 0;
@@ -1234,22 +1229,10 @@ validation_status_x509_verify_cert_cb(int ok, X509_STORE_CTX *ctx, PyObject *sta
case X509_V_ERR_CRL_HAS_EXPIRED:
/*
- * This isn't really an error, exactly. CRLs don't really
- * "expire". What OpenSSL really means by this error is just
- * "it's now later than the issuer said it intended to publish a
- * new CRL". Whether we treat this as an error or not is
- * configurable, see the allow_stale_crl parameter.
- *
- * Deciding whether to allow stale CRLs is check_crl()'s job,
- * not ours. By the time this callback occurs, we've already
- * accepted the CRL; this callback is just notifying us that the
- * object being checked is tainted by a stale CRL. So we mark the
- * object as tainted and carry on.
+ * This isn't really an error, because CRLs don't really
+ * "expire".
*/
-#warning Could be done in Python
- record_validation_status(status, TAINTED_BY_STALE_CRL);
-
#warning Should be kept in C
return 1;
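Review bot: With `record_validation_status(status, TAINTED_BY_STALE_CRL)` removed, the `X509_V_ERR_CRL_HAS_EXPIRED` case now returns 1 without recording anything, so this callback no longer distinguishes an object verified against a CRL past its nextUpdate from one verified against a fresh CRL. A stale CRL is exactly the case where a recent revocation can be missed, so the override of OpenSSL's verdict should say where staleness is tracked instead; the shortened comment drops that explanation. I would add something like `/* Accepted on purpose: CRL staleness is recorded by the Python caller (STALE_CRL_OR_MANIFEST), not by this callback. */`, assuming that is where it now happens. The switch and the enclosing function continue outside the hunk.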
@@ -1840,14 +1823,6 @@ static int check_manifest(CMS_ContentInfo *cms,
lose_validation_error_from_code(status, WRONG_OBJECT_VERSION);
#warning Could be done in Python
- if (X509_cmp_current_time(manifest->thisUpdate) > 0)
- lose_validation_error_from_code(status, MANIFEST_NOT_YET_VALID);
-
-#warning Could be done in Python
- if (X509_cmp_current_time(manifest->nextUpdate) < 0)
- lose_validation_error_from_code_maybe(allow_stale_manifest, status, STALE_CRL_OR_MANIFEST);
-
-#warning Could be done in Python
if ((certs = CMS_get1_certs(cms)) == NULL || sk_X509_num(certs) != 1)
lose_validation_error_from_code(status, BAD_CMS_SIGNER);
diff --git a/rp/rcynic/rcynicng b/rp/rcynic/rcynicng
index b5139dec..6c0a9b46 100755
--- a/rp/rcynic/rcynicng
+++ b/rp/rcynic/rcynicng
@@ -392,6 +392,11 @@ class Manifest(rpki.POW.Manifest):
self.notAfter = self.ee.getNotAfter()
if self.thisUpdate < self.notBefore or self.nextUpdate > self.notAfter:
status.add(codes.MANIFEST_INTERVAL_OVERRUNS_CERT)
+ now = rpki.sundial.now()
+ if self.thisUpdate > now:
+ status.add(codes.MANIFEST_NOT_YET_VALID)
+ if self.nextUpdate < now:
+ status.add(codes.STALE_CRL_OR_MANIFEST)
codes.normalize(status)
return not any(s.kind == "bad" for s in status)
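Review bot: The two added checks only call `status.add(...)`, so whether a not-yet-valid or stale manifest is rejected now depends entirely on how `codes` classifies `MANIFEST_NOT_YET_VALID` and `STALE_CRL_OR_MANIFEST`, because the method returns `not any(s.kind == "bad" for s in status)`. The C code this commit removes from `check_manifest()` failed unconditionally on the first and tolerated the second under `allow_stale_manifest`; the kinds are not visible in this diff, so please confirm they reproduce that split. A comment above `now = rpki.sundial.now()` would make the policy explicit, e.g. `# Accept/reject is decided by the kind of these codes: not-yet-valid must be "bad", stale is a policy choice.` The method starts outside the hunk.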
@@ -566,20 +571,10 @@ class WalkFrame(object):
install_object(self.mft)
Status.add(mft_uri, self.mft.generation, codes.OBJECT_ACCEPTED)
- now = rpki.sundial.now()
-
- self.stale_crl = now > self.crl.nextUpdate
- if self.stale_crl:
- logger.debug("Stale CRL %s %s", self.crl.nextUpdate, self.crl.uri)
- Status.add(self.crl.uri, self.crl.generation, codes.STALE_CRL_OR_MANIFEST)
+ self.stale_crl = Status.test(self.crl.uri, self.crl.generation, codes.STALE_CRL_OR_MANIFEST)
+ self.stale_mft = Status.test(self.mft.uri, self.mft.generation, codes.STALE_CRL_OR_MANIFEST)
- self.stale_mft = now > self.mft.nextUpdate
- if self.stale_mft:
- logger.debug("Stale Manifest %s %s", self.mft.nextUpdate, self.mft.uri)
- Status.add(self.mft.uri, self.mft.generation, codes.STALE_CRL_OR_MANIFEST)
-
- # Use an explicit iterator so we can resume it later.
- # Run the loop in a separate method for the same reason.
+ # Use an explicit iterator so we can resume it; run loop in separate method, same reason.
self.mft_iterator = iter(self.mft.getFiles())
self.state = self.loop
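Review bot: `self.stale_crl` is now read back with `Status.test(self.crl.uri, self.crl.generation, codes.STALE_CRL_OR_MANIFEST)`, but nothing visible in this commit records that code for the CRL. The manifest gets it in the `Manifest` hunk above, while the only CRL-side `Status.add(...)` is the one removed here. Unless the CRL's own check (outside this diff) already adds it, `stale_crl` will always be false and a CRL past its nextUpdate goes unflagged. Either mirror the manifest check in the CRL class with `if self.nextUpdate < now: status.add(codes.STALE_CRL_OR_MANIFEST)`, or keep the direct comparison `rpki.sundial.now() > self.crl.nextUpdate` here. The removed `logger.debug("Stale CRL ...")` and `logger.debug("Stale Manifest ...")` lines were also the only log trace of this condition, and the enclosing method starts and ends outside the hunk.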
@@ -810,6 +805,11 @@ class Fetcher(object):
# process exit status directly from the operating system. In theory, the WNOHANG
# isn't necessary here, we use it anyway to be safe in case theory is wrong.
+ # If we need to add a timeout here to guard against rsync processes taking too long
+ # (which has happened in the past with, eg, LACNIC), see tornado.gen.with_timeout()
+ # (documented in the utility functions section of the tornado.gen page), which wraps
+ # any future in a timeout.
+
t0 = time.time()
rsync = tornado.process.Subprocess(cmd, stdout = tornado.process.Subprocess.STREAM, stderr = subprocess.STDOUT)
logger.debug("rsync[%s] started \"%s\"", rsync.pid, " ".join(cmd))