authorRob Austein <sra@hactrn.net>2006-08-29 23:37:35 +0000
committerRob Austein <sra@hactrn.net>2006-08-29 23:37:35 +0000
commit26192428936c7e2c5c9daa2c68e64513bf2f7b1a (patch)
tree16efc21dbd2e9194d1933faaaaf0cc332f884e0e /openssl/trunk/doc/ssl/SSL_CTX_use_certificate.pod
parentff9c60fc05e315455cfb3a5da15606ef1bbf84f5 (diff)
Apparently we need to fetch the CRL in order to verify the cert in
which we found the CRL's URI. Ick. Have asked on list, deferring work briefly in the hope that someone will tell me that I'm wrong about this. svn path=/scripts/rcynic-prototype.pl; revision=243
Diffstat (limited to 'openssl/trunk/doc/ssl/SSL_CTX_use_certificate.pod')
0 files changed, 0 insertions, 0 deletions
"""
Extract a private key from rpkid's database.

This is a debugging tool.  rpkid goes to some trouble not to expose
private keys, which is correct for normal operation, but for debugging
it is occasionally useful to be able to extract the private key from
MySQL.  This script is just a convenience, it doesn't enable anything
that couldn't be done via the mysql command line tool.

While we're at this we also extract the corresponding certificate.

Usage: python extract-key.py [ { -s | --self     } self_handle    ]
                             [ { -b | --bsc      } bsc_handle     ]
                             [ { -u | --user     } mysql_user_id  ]
                             [ { -d | --db       } mysql_database ]
                             [ { -p | --password } mysql_password ]
                             [ { -h | --help     } ]

Default for both user and db is "rpki".

$Id$

Copyright (C) 2008  American Registry for Internet Numbers ("ARIN")

Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS.  IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
"""

import os, time, getopt, sys, MySQLdb
import rpki.x509

# Force this process into UTC: set TZ in the environment, then have the
# C library re-read it so the time module's conversions follow suit.
os.environ.update(TZ = "UTC")
time.tzset()

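def usage(code):
  """
  Write the module docstring as a usage message, then exit with code.

  The text goes to stdout when code is zero (help was asked for) and to
  stderr otherwise.  This script's stdout carries an extracted private
  key, so a usage error must not land in whatever file or pipe stdout
  was redirected to.
  """
  stream = sys.stderr if code else sys.stdout
  # "%s" formatting matches what the print statement would have emitted,
  # including the trailing newline.
  stream.write("%s\n" % __doc__)
  sys.exit(code)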

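# Handles that select which BSC row to extract.  Both have to be given on
# the command line: the query later in this script matches on them, and a
# missing handle can never match a row.
self_handle = None
bsc_handle  = None

# Database connection defaults, overridable with -u / -p / -d.
#
# NOTE(review): the password default below is a credential hard-coded in
# source; any database still using it should be treated as having a known
# password.  A password supplied with -p is also visible to other local
# users in the process list and may end up in shell history.
user = "rpki"
passwd = "fnord"
db   = "rpki"

try:
  opts, argv = getopt.getopt(sys.argv[1:], "s:b:u:p:d:h?",
                             ["self=", "bsc=", "user=", "password=", "db=", "help"])
except getopt.GetoptError as err:
  # Unknown option or missing option argument: say what was wrong and show
  # the usage text instead of dying with a traceback.
  sys.stderr.write("%s\n" % err)
  usage(1)

for o, a in opts:
  if o in ("-h", "--help", "-?"):
    usage(0)
  elif o in ("-s", "--self"):
    self_handle = a
  elif o in ("-b", "--bsc"):
    bsc_handle = a
  elif o in ("-u", "--user"):
    user = a
  elif o in ("-p", "--password"):
    passwd = a
  elif o in ("-d", "--db"):
    db = a

# Positional arguments are not accepted.
if argv:
  usage(1)

# Without both handles the lookup cannot succeed, so stop here with a
# usage error rather than failing later on an empty result.
if self_handle is None or bsc_handle is None:
  sys.stderr.write("Both --self and --bsc are required\n")
  usage(1)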

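# Connect with the credentials chosen above and fetch the single BSC row
# identified by the (self_handle, bsc_handle) pair.  The handles are passed
# as query parameters, never interpolated into the SQL text.
conn = MySQLdb.connect(user = user, db = db, passwd = passwd)
try:
  cur = conn.cursor()
  cur.execute(
    """
    SELECT bsc.private_key_id, bsc.signing_cert
    FROM bsc, self
    WHERE self.self_handle = %s AND self.self_id = bsc.self_id AND bsc_handle = %s
  """,
    (self_handle, bsc_handle))
  row = cur.fetchone()
finally:
  # Release the connection whether or not the query succeeded.
  conn.close()

# fetchone() returns None when nothing matched; unpacking that would raise
# a TypeError, so report the miss on stderr and exit non-zero instead.
if row is None:
  sys.exit("No BSC found for self_handle %r, bsc_handle %r" % (self_handle, bsc_handle))

key, cer = row

# The first PEM block written to stdout is the private key itself: send the
# output only to a file with restrictive permissions, and keep it out of
# logs and terminal scrollback.
print(rpki.x509.RSA(DER = key).get_PEM())

# The signing certificate column may be empty; print it only when present.
if cer:
  print(rpki.x509.X509(DER = cer).get_PEM())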