aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-04-03Remove deferred-upgrade stuff, we don't need it at the moment, it'sRob Austein
fragile, and this may not really be the right approach anyway. svn path=/branches/tk671/; revision=5744
2014-04-03Turns out we don't really need the whole deferred-upgrade mess afterRob Austein
all, at least not yet. Real problem was AIA handling, now fixed. svn path=/branches/tk671/; revision=5743
2014-04-03Helps to fix the code as well as the comments.Rob Austein
svn path=/branches/tk671/; revision=5742
2014-04-02Need AIA check for signed object certificates too.Rob Austein
svn path=/branches/tk671/; revision=5741
2014-04-02Get AIA comparison right.Rob Austein
svn path=/branches/tk671/; revision=5740
2014-04-02Track changes in URI at which parent publishes our CA certificate, andRob Austein
propegate those changes to certs we issue. svn path=/branches/tk671/; revision=5739
2014-04-02Log something before running deferred upgrades.Rob Austein
svn path=/branches/tk671/; revision=5738
2014-04-02Don't try to batch revocations.Rob Austein
svn path=/branches/tk671/; revision=5737
2014-04-02Hmm, Python "exec" is a bit fragile, may need to do something aboutRob Austein
constructing script-specific symbol table. svn path=/branches/tk671/; revision=5736
2014-04-02Directory cleanup working as expected, but AIA cleanup still flakey.Rob Austein
svn path=/branches/tk671/; revision=5735
2014-04-02Better version of cleanup script, although we might be able to doRob Austein
better if there turns out to be a sane way for rpkid to notice that it wants a different SIA value than previously and therefore request the new certificate automatically. svn path=/branches/tk671/; revision=5734
2014-04-02Pull from trunk.Rob Austein
svn path=/branches/tk671/; revision=5733
2014-04-02Hmm, fun failures withdrawing nonexistent objects. Try postponingRob Austein
revokcation until after we've done everything else. svn path=/branches/tk671/; revision=5731
2014-04-02Sigh, s/--self_id/--self_handle/.Rob Austein
svn path=/branches/tk671/; revision=5730
2014-04-02Different approach to forced-reissue script, using irbe_cli batching.Rob Austein
svn path=/branches/tk671/; revision=5729
2014-04-02And this time it ran perfectly on the first pass. Yep, some kind of timing ↵Rob Austein
thing. svn path=/branches/tk671/; revision=5728
2014-04-02Try doing the entire rekey/reissue thing twice, since that seems toRob Austein
work when doing it manually. This may be a timing issue. svn path=/branches/tk671/; revision=5727
2014-04-01Something seriously weird going on with scoping rules, rewrite yet again.Rob Austein
svn path=/branches/tk671/; revision=5726
2014-04-01Scoping problem in exec-from-sql kludge, sigh.Rob Austein
svn path=/branches/tk671/; revision=5725
2014-04-01Running deferred SQL upgrades from rpki-start-servers doesn't work,Rob Austein
dunno why, but putting it there was always a kludge. Try moving it to an explicit post-start action in platform-specific startup scripts. Rewrite deferred upgrade script for [5678] to do up-down rekey and revoke as well, since that seemed to work better in initial testing. svn path=/branches/tk671/; revision=5724
2014-03-31Debug deferred_upgrade code.Rob Austein
svn path=/branches/tk671/; revision=5723
2014-03-31Pull from trunk.Rob Austein
svn path=/branches/tk671/; revision=5722
2014-03-31Debug apply-scripts database passing.Rob Austein
svn path=/branches/tk671/; revision=5720
2014-03-30First cut at upgrade script for change [5678]. Needs testing.Rob Austein
svn path=/branches/tk671/; revision=5719
2014-03-30Add rpki-sql-setup --apply-deferred-updates to support migrationsRob Austein
which can't be executed until the daemons are up. See #671. svn path=/branches/tk671/; revision=5718
2014-03-30Debug merge of rpki-sql-update into rpki-sql-setup.Rob Austein
svn path=/branches/tk671/; revision=5717
2014-03-29Merge rpki-sql-upgrade into rpki-sql-setup. See #671.Rob Austein
svn path=/branches/tk671/; revision=5716
2014-03-29Pull from trunk.Rob Austein
svn path=/branches/tk671/; revision=5715
2014-03-29Run SQL upgrades in FreeBSD post-install too.Rob Austein
svn path=/branches/tk671/; revision=5713
2014-03-29Debug rpki-sql-upgrade.Rob Austein
svn path=/branches/tk671/; revision=5712
2014-03-28Update to current version before final database close.Rob Austein
svn path=/branches/tk671/; revision=5710
2014-03-28Make upgrade-scripts directory configurable.Rob Austein
svn path=/branches/tk671/; revision=5709
2014-03-28First cut at rpki-sql-upgrade script. See #671.Rob Austein
svn path=/branches/tk671/; revision=5708
2014-03-16Pull from trunk.Rob Austein
svn path=/branches/tk671/; revision=5705
2014-02-27Pull from trunk.Rob Austein
svn path=/branches/tk671/; revision=5694
2014-02-27Log ee_cert objects properly.Rob Austein
svn path=/branches/tk671/; revision=5692
2014-02-27Pull from trunk.Rob Austein
svn path=/branches/tk671/; revision=5691
2014-02-26Pull from trunk.Rob Austein
svn path=/branches/tk671/; revision=5688
2014-02-26Sort OIDs into numerical order.Rob Austein
svn path=/branches/tk671/; revision=5686
2014-02-26id-kp-bgpsec-router assigned by the OID Czar.Rob Austein
svn path=/branches/tk671/; revision=5685
2014-02-25regenRob Austein
svn path=/branches/tk671/; revision=5684
2014-02-25Router certificates working again after changes to get subject name out of ↵Rob Austein
the PKCS !#10. svn path=/branches/tk671/; revision=5683
2014-02-25Something broke MySQLdb on my laptop during a recent upgrade, and IRob Austein
have better things to do than shaving that particular yak today. So I'm committing untested changes (to a development branch that nobody but me is using) so I can test them on a working development platform. svn path=/branches/tk671/; revision=5682
2014-02-21Add EKU when generating router certificates.Rob Austein
svn path=/branches/tk671/; revision=5681
2014-02-21Add router certificate support to yamltest, rpkic, etc.Rob Austein
svn path=/branches/tk671/; revision=5680
2014-02-20Whack RSA-specific code to a more general API using PrivateKey andRob Austein
PublicKey classes, with RSA and ECDSA as subclasses extending PrivateKey. Revised API not necessarily in final form yet, but good enough for smoketest to generate ECDSA keys for testing router certs. svn path=/branches/tk671/; revision=5679
2014-02-20All this router certificate stuff requires enough SQL changes thatRob Austein
we're going to need a fancy upgrade script when we merge this to trunk no matter what else we do, so might as well flip the default on the long-awaited `merge_publication_directories` in the router certificate development branch and handle the upgrade actions for that along with everything else when we finally merge back to trunk. See #479. svn path=/branches/tk671/; revision=5678
2014-02-20Missed case where we have to reissue EE certificate because we justRob Austein
deprecated the issuing ca_detail. svn path=/branches/tk671/; revision=5677
2014-02-20Clean up ee_cert_obj class.Rob Austein
svn path=/branches/tk671/; revision=5676
2014-02-20Pull from trunk.Rob Austein
svn path=/branches/tk671/; revision=5675
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-04 10:28:35 +0000