| Age | Commit message (Collapse) | Author |
|---|
|
svn path=/branches/tk705/; revision=6223
|
|
tested, and final_cleanup() needs work to avoid trashing RRDP state.
svn path=/branches/tk705/; revision=6222
|
|
svn path=/branches/tk705/; revision=6221
|
|
programs use rcynicng's output. Long term, such programs should read
the database instead, but being able to diff directory trees is useful
while testing.
svn path=/branches/tk705/; revision=6220
|
|
disk files. rcynic.xml output looks reasonable. Don't yet have any
other tools which know how to walk the result database, so can't (yet)
compare results with rcynic.
Does not yet do any cleanup of old data, so will eventually consume
all disk space in the universe until this is fixed.
svn path=/branches/tk705/; revision=6219
|
|
svn path=/branches/tk705/; revision=6218
|
|
svn path=/branches/tk705/; revision=6217
|
|
svn path=/branches/tk705/; revision=6216
|
|
latest specification says HTTPS, but enough of the existing code has
not yet caught up that it's useful to see the HTTP URIs when the HTTPS
ones are missing.
svn path=/branches/tk705/; revision=6215
|
|
svn path=/branches/tk705/; revision=6214
|
|
svn path=/branches/tk705/; revision=6213
|
|
svn path=/trunk/; revision=6212
|
|
verification per se. Clean up nasty mess in profile conformance
checks for router certificates.
svn path=/branches/tk705/; revision=6211
|
|
svn path=/branches/tk705/; revision=6210
|
|
keys.
svn path=/branches/tk705/; revision=6209
|
|
cleanup of POW.c RPKI conformance checking code.
svn path=/branches/tk705/; revision=6208
|
|
svn path=/branches/tk705/; revision=6207
|
|
generations inside the loop over manifest entries.
svn path=/branches/tk705/; revision=6206
|
|
svn path=/branches/tk705/; revision=6205
|
|
from having SIA extensions, unlike all other RPKI certificates which
are required to have them.
Start moving RPKI conformance checks which can be performed in Python
out of POW.c, tag a bunch more for consideration.
svn path=/branches/tk705/; revision=6204
|
|
resolve immediately, just in case something throws an exception.
Don't try to be clever about when to yield in main object checking
loop: just trusting Tornado's scheduler to do the right thing seems to
give better rsync throughput.
svn path=/branches/tk705/; revision=6203
|
|
svn path=/branches/tk705/; revision=6202
|
|
svn path=/branches/tk705/; revision=6201
|
|
svn path=/branches/tk705/; revision=6200
|
|
matters more when object has a __str__() method.
svn path=/branches/tk705/; revision=6199
|
|
backup manifests, we just need to walk the best manifest we can find,
twice.
svn path=/branches/tk705/; revision=6198
|
|
which hasn't previously had X509_check_ca() called on it.
svn path=/branches/tk705/; revision=6197
|
|
svn path=/branches/tk705/; revision=6196
|
|
svn path=/branches/tk705/; revision=6195
|
|
results from the original rcynic, still some loose ends and unfinished
bits, and no support for RRDP yet (which was sort of the ultimate
point of the exercise), but approaching the point of being usable, and
about an order of magnitude shorter than the C original.
svn path=/branches/tk705/; revision=6194
|
|
latin1 to work around MySQL 5.6 insanity. Fixes #782 (again).
svn path=/trunk/; revision=6193
|
|
svn path=/trunk/; revision=6192
|
|
svn path=/branches/tk705/; revision=6191
|
|
MySQL 5.5, so try the kludge, whine if it fails, then blunder ahead.
Fixes #781.
svn path=/trunk/; revision=6190
|
|
5.6 Latin1 kludge.
svn path=/trunk/; revision=6189
|
|
character set is UTF8 (fine so far), which causes MySQL to reject
ASN.1 DER stored in BLOBs (or, more likely, any operations against
such columns) on the grounds that ASN.1 DER is not well-formed UTF8.
svn path=/trunk/; revision=6188
|
|
summary from rcynic-text.
svn path=/branches/tk705/; revision=6187
|
|
svn path=/branches/tk705/; revision=6186
|
|
svn path=/branches/tk705/; revision=6185
|
|
Get full rsync code working, history cache and all.
svn path=/branches/tk705/; revision=6184
|
|
issuer. Not sure we really need the complex issuer-finding code at
all anymore, but dumping core is not an appropriate form of social
criticism.
svn path=/branches/tk705/; revision=6183
|
|
svn path=/branches/tk705/; revision=6182
|
|
OpenSSL certificate verification errors.
svn path=/branches/tk705/; revision=6181
|
|
makes the C code considerably simpler.
svn path=/branches/tk705/; revision=6180
|
|
left to do, still need to add in stuff that we pushed out to Python
rather than trying to do in C (eg, a lot of the URI tests), but basics
seem to work. Checkpointing before attempting a major simplification
of the StatusCode mechanism.
svn path=/branches/tk705/; revision=6179
|
|
svn path=/branches/tk705/; revision=6178
|
|
svn path=/branches/tk705/; revision=6177
|
|
X509Store.verify() to X509.verify(). Result seems to run properly
with trivial modification to existing Python BPKI code.
RPKI extended validation via this interface (the real point of this
exercise) still not tested.
svn path=/branches/tk705/; revision=6176
|
|
POW.c, still totally untested. X.509 certificate validation is in a
transitional state, currently spiced with awful kludges so that we're
still doing the right thing cryptographically, albeit in a completely
disgusting way as far as the API is concerned. Serious cleanup
needed, but wanted to get a post-merge version with CMS and X.509
working again after the merge into the repository for backup.
svn path=/branches/tk705/; revision=6175
|
|
rcynic.c. New functionality not yet tested, but doesn't seem to have
broken break anything in the CA software.
(Previous commit accidently included POW.c, oops, but no harm done.)
svn path=/branches/tk705/; revision=6174
|
