author | Rob Austein <sra@hactrn.net> | 2016-04-23 15:03:37 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2016-04-23 15:03:37 +0000 |
commit | 784b20d33070a8450b23d846a0d936a356646739 (patch) | |
tree | 493851ea6578209bf4715e6d770c83837eb37865 /rpki/rootd.py | |
parent | f81321b26b8112dc971288ec116aa64178dd3259 (diff) |
Internal root sort of working, but only sort of. It's skipping the
worker CA and going straight from the root to certifying children,
which is wrong. However...this is far enough along that we can now
remove all the rootd glorp, which is a worthwhile simplification in
its own right, so checkpoint here, remove rootd glorp, then figure out
what's wrong with the internal certificate hierarchy.
rcynic does validate the current output, given a manually constructed
TAL, even if the current output isn't quite what it should be. So we
should also be able to sort out the new TAL generation code now.
Yes, checking in a version that works for the wrong reasons is weird,
but the current sort-of-broken state lets us confirm that the lower
levels of the tree are still correct as we go, which would be much
harder if the poor thing just sat there and whimpered until we had
the new internal CA code completely finished.
svn path=/branches/tk705/; revision=6376
Diffstat (limited to 'rpki/rootd.py')
-rw-r--r-- | rpki/rootd.py | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/rpki/rootd.py b/rpki/rootd.py
index 08259a9a..70669345 100644
--- a/rpki/rootd.py
+++ b/rpki/rootd.py
@@ -349,16 +349,19 @@ class main(object):
 q_msg = q_cms.unwrap((self.bpki_ta, self.child_bpki_cert))
 q_type = q_msg.get("type")
 logger.info("Serving %s query", q_type)
- r_msg = Element(rpki.up_down.tag_message, nsmap = rpki.up_down.nsmap, version = rpki.up_down.version,
- sender = q_msg.get("recipient"), recipient = q_msg.get("sender"), type = q_type + "_response")
+ r_msg = Element(rpki.up_down.tag_message, nsmap = rpki.up_down.nsmap,
+ version = rpki.up_down.version,
+ sender = q_msg.get("recipient"), recipient = q_msg.get("sender"),
+ type = q_type + "_response")
 try:
 self.rpkid_cms_timestamp = q_cms.check_replay(self.rpkid_cms_timestamp, request.path)
 getattr(self, "handle_" + q_type)(q_msg, r_msg)
 except Exception, e:
 logger.exception("Exception processing up-down %s message", q_type)
 rpki.up_down.generate_error_response_from_exception(r_msg, e, q_type)
- request.send_cms_response(rpki.up_down.cms_msg().wrap(r_msg, self.rootd_bpki_key, self.rootd_bpki_cert,
- self.rootd_bpki_crl if self.include_bpki_crl else None))
+ request.send_cms_response(rpki.up_down.cms_msg().wrap(
+ r_msg, self.rootd_bpki_key, self.rootd_bpki_cert,
+ self.rootd_bpki_crl if self.include_bpki_crl else None))
 except Exception, e:
 logger.exception("Unhandled exception processing up-down message")
 request.send_error(500, "Unhandled exception %s: %s" % (e.__class__.__name__, e)) |