| Age | Commit message (Collapse) | Author |
|---|
|
svn path=/branches/tk705/; revision=6407
|
|
Still have irdb and pubd to do.
svn path=/branches/tk705/; revision=6406
|
|
that anybody is likely to care.
svn path=/branches/tk705/; revision=6405
|
|
svn path=/branches/tk705/; revision=6404
|
|
results, of course, but Django behavior so far suggests that this
approach will probably work.
svn path=/branches/tk705/; revision=6403
|
|
svn path=/branches/tk705/; revision=6402
|
|
svn path=/branches/tk705/; revision=6400
|
|
svn path=/branches/tk705/; revision=6398
|
|
svn path=/branches/tk705/; revision=6396
|
|
encapsulate all (well, we hope) relevant configuration and state from
a trunk/ CA in a form we can easily load on another machine, or on the
same machine after a software upgrade, or ....
Transfer format is an ad hoc Python dictionary, encoded in Python's
native "Pickle" format, compressed by "xz" with SHA-256 integrity
checking enabled. See #807.
svn path=/trunk/; revision=6395
|
|
rpkid.
closes #805
svn path=/branches/tk705/; revision=6394
|
|
commands. Fixes #808.
svn path=/branches/tk705/; revision=6393
|
|
svn path=/branches/tk705/; revision=6392
|
|
svn path=/branches/tk705/; revision=6391
|
|
and logging setup. Most programs now use the unified mechanism,
although there are still a few holdouts: the GUI, which is a special
case because it has no command line, and the rpki-rtr program, which,
for historical reasons has its own implementation of the logging setup
infrastructure.
svn path=/branches/tk705/; revision=6390
|
|
svn path=/trunk/; revision=6389
|
|
the default configuration to be production rather than testing.w
svn path=/branches/tk705/; revision=6388
|
|
startup error messages logged properly if at all possible. See #806.
svn path=/branches/tk705/; revision=6387
|
|
svn path=/branches/tk705/; revision=6386
|
|
to stdout or stderr instead of the logging system.
svn path=/branches/tk705/; revision=6385
|
|
svn path=/branches/tk705/; revision=6384
|
|
.up_down_query() must handle errors signaled by .up_down_query_root() correctly.
svn path=/branches/tk705/; revision=6383
|
|
svn path=/branches/tk705/; revision=6382
|
|
"Try adding .all(), idiot."
svn path=/branches/tk705/; revision=6381
|
|
new scheme. Rewrite pubd code which was whacking top-level
certificate files with names other than "root.cer".
svn path=/branches/tk705/; revision=6380
|
|
svn path=/branches/tk705/; revision=6379
|
|
svn path=/branches/tk705/; revision=6378
|
|
svn path=/branches/tk705/; revision=6377
|
|
worker CA and going straight from the root to certifying children,
which is wrong. However...this is far enough along that we can now
remove all the rootd glorp, which is a worthwhile simplification in
its own right, so checkpoint here, remove rootd glorp, then figure out
what's wrong with the internal certificate hierarchy.
rcynic does validate the current output, given a manually constructed
TAL, even if the current output isn't quite what it should be. So we
should also be able to sort out the new TAL generation code now.
Yes, checking in a version that works for the wrong reasons is weird,
but the current sort-of-broken state lets us confirm that the lower
levels of the tree are still correct as we go, which would be much
harder if the poor thing just sat there and whimpered until we had
the new internal CA code completely finished.
svn path=/branches/tk705/; revision=6376
|
|
into an expanded rpki.irdb.models.Parent, as the two are more alike
than I expected them to be, but archive this version first.
svn path=/branches/tk705/; revision=6375
|
|
the companion Root object.
svn path=/branches/tk705/; revision=6374
|
|
svn path=/branches/tk705/; revision=6373
|
|
subelements in left-right responses, so we don't have to duplicate the
mechanism used for BSC <pkcs10_request/> subelements when handling
Parent <rpki_root_cert/> subelements.
svn path=/branches/tk705/; revision=6372
|
|
left-right schema. Not really using of this stuff yet, but haven't
broken existing code yet either.
svn path=/branches/tk705/; revision=6371
|
|
Parents do, because Roots will be uniquely named by reference to their
associated Parent. So move the handle back to Parent.
svn path=/branches/tk705/; revision=6370
|
|
svn path=/branches/tk705/; revision=6369
|
|
Still need equivalent hack for plain git, later.
svn path=/branches/tk705/; revision=6368
|
|
Parent model into base Turtle model and derived Parent model.
svn path=/branches/tk705/; revision=6367
|
|
This is a transitional version of rpki-nanny: in the long run, the
daemons it runs should take care of reading their own log
configuration from rpki.conf, but that's a yak for another day.
svn path=/branches/tk705/; revision=6366
|
|
svn path=/branches/tk705/; revision=6365
|
|
Fixes #804.
svn path=/branches/tk705/; revision=6364
|
|
svn path=/branches/tk705/; revision=6363
|
|
to chdir(), to avoid confusing clients if inetd decides to merge
stderr into stdout (text error messages don't parse well as PDUs).
svn path=/trunk/; revision=6362
|
|
svn path=/branches/tk705/; revision=6361
|
|
I think Subversion's merge tracking data is turning into cream cheese.
svn path=/branches/tk705/; revision=6360
|
|
if <group> column is omitted, we now use the <pnm> value as the
<group>, in effect requesting a separate ROA for each ROA request,
which is almost certainly what the user wanted. Explictly specifying
the <group> value should still work, in case anybody still needs
multi-prefix ROAs for testing or other purposes.
svn path=/trunk/; revision=6359
|
|
svn path=/branches/tk705/; revision=6352
|
|
OpenSSL 1.1 will include some backwards-compatible API changes. In
some cases, the new API won't be available until OpenSSL 1.1, but a
lot of the new API already exists in OpenSSL 1.0.2.
This commit switches the parts that can be switched with OpenSSL 1.0.
Other changes deferred until OpenSSL 1.1 public release.
svn path=/branches/tk705/; revision=6351
|
|
svn path=/trunk/; revision=6350
|
|
svn path=/branches/tk705/; revision=6350
|
