aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-02-01AKI checks still weren't quite right.Rob Austein
svn path=/trunk/; revision=4277
2012-01-31Refactor CMS checks, which have gotten complex enough to be worthRob Austein
attempting to share between different kinds of signed objects. This closes #82. svn path=/trunk/; revision=4276
2012-01-31AKI extension is optional for self-signed RPKI certificates.Rob Austein
svn path=/trunk/; revision=4275
2012-01-31Rewrite to avoid running out of memory. Painfully slow with threeRob Austein
month's worth of data, but at least it now runs again. svn path=/trunk/; revision=4273
2012-01-26Back out over-zealous change introduced as part of [4267] --Rob Austein
apparently ASID extensions are legal in EE certificates for ROAs, although given the other constraints I can't think of a sane reason why this is allowed when so much else is nailed down. svn path=/trunk/; revision=4269
2012-01-26Conformance: Check SKI value.Rob Austein
svn path=/trunk/; revision=4268
2012-01-26Conformance: Check CMS SID against EE SKI in ROAs.Rob Austein
Use ASN1_INTEGER_cmp() instead of ASN1_INTEGER_get(), the latter's behavior is too quirky. Add config variable allowing compatability with manifest EE certs that have no SIA extension, which is a technical violation of the spec, albeit a harmless one as far as I can tell; at present, the default for this variable allows these manifests, at some point the default will flip to disallow, as a first step towards phasing this out. svn path=/trunk/; revision=4267
2012-01-26Manifest EE certificates were not including the SIA signedObject URI,Rob Austein
as required by the current manifest specification. svn path=/trunk/; revision=4266
2012-01-26Conformance tests: tighter checking of AIA and SIA extension values.Rob Austein
svn path=/trunk/; revision=4265
2012-01-25Conformance testing: negative serial numbers, wrong date encoding.Rob Austein
svn path=/trunk/; revision=4264
2012-01-25Conformance testing: Better checking of RSA keys.Rob Austein
svn path=/trunk/; revision=4263
2012-01-25Move a few tests out of the not-TA conditional.Rob Austein
svn path=/trunk/; revision=4262
2012-01-25Conformance: Rework checking of X509v3 extensions, add KeyUsageRob Austein
checks, RFC 3779 canonical form checks, other nits. Closes #172. svn path=/trunk/; revision=4261
2012-01-24Fix manifest digest length check. Move parse_cert() call etc intoRob Austein
check_ta() as first step towards fixing extension checks (closes #107, see #172). svn path=/trunk/; revision=4260
2012-01-24Conformance tests: duplicate extensions.Rob Austein
svn path=/trunk/; revision=4259
2012-01-24Conformance tests: digest lengths.Rob Austein
svn path=/trunk/; revision=4258
2012-01-23Conformance tests: pedantic checks of key and signature algorithms.Rob Austein
svn path=/trunk/; revision=4257
2012-01-23Conformance tests: pedantic checks of CRL timestamps.Rob Austein
svn path=/trunk/; revision=4256
2012-01-23Conformance tests: pedantic checks on CRL issuer name, add optionRob Austein
(defaults off) to make nonconformant issuer and subject names fatal. svn path=/trunk/; revision=4255
2012-01-06Lab test of rpki-rtr over TLS using stunnel and s_clientRob Austein
svn path=/trunk/; revision=4143
2012-01-05OpenSSL 1.0.0fRob Austein
svn path=/trunk/; revision=4141
2011-12-27Python 2.5 doesn't have set.isdisjoint()Rob Austein
svn path=/trunk/; revision=4138
2011-12-22Generate proper error reports for unknown protocol version, unknownRob Austein
PDU type, and various forms of corrupt data. We were catching all of them already, but not reporting them correctly. svn path=/trunk/; revision=4131
2011-12-06Fix graphic on NULL-allowed foreign key constraintRob Austein
svn path=/trunk/; revision=4099
2011-12-06Include GUI directories in Doxygen trawlRob Austein
svn path=/trunk/; revision=4098
2011-12-02RegenRob Austein
svn path=/trunk/; revision=4096
2011-12-02Missing "trunk" in some URLs.Rob Austein
svn path=/trunk/; revision=4095
2011-11-23give the user explanatory feedback about why django is required when ↵Michael Elkins
configure can't find it installed. closes #150. svn path=/trunk/; revision=4094
2011-11-23remove features that depend on django 1.3, so that portal gui works with ↵Michael Elkins
django 1.2 svn path=/trunk/; revision=4093
2011-11-14Misplaced parenthesisRob Austein
svn path=/trunk/; revision=4092
2011-11-13Pull NIST from list of hosts tracked, not as interesting as I had thought at ↵Rob Austein
first svn path=/trunk/; revision=4091
2011-11-12make it clear that the asn and prefixes links are for resources delegated to ↵Michael Elkins
children. closes #115 svn path=/trunk/; revision=4090
2011-11-11reorder models to avoid forward references. closes #149Michael Elkins
svn path=/trunk/; revision=4089
2011-11-11Require both Python and Django >= 1.3 to be installed by default, unless the ↵Michael Elkins
use explicitly uses the --disable-* arguments. closes #120 svn path=/trunk/; revision=4088
2011-11-11set default value of max_length to prefix length, and change help text to ↵Michael Elkins
make it clear this field should be an integer without a leading slash. closes #132 svn path=/trunk/; revision=4087
2011-11-11merging /branches/tk103. closes #103Michael Elkins
svn path=/trunk/; revision=4085
2011-11-11merge with ^/trunkMichael Elkins
svn path=/branches/tk103/; revision=4084
2011-11-11if ${sysconfdir}/rpki/settings.py already exists, append a .new suffix and ↵Michael Elkins
copy the new version svn path=/branches/tk103/; revision=4083
2011-11-11prepend ${sysconfdir}/rpki to sys.path to avoid picking up the wrong ↵Michael Elkins
settings.py by accident svn path=/branches/tk103/; revision=4082
2011-11-10Handle traversal of empty backup directory with no manifest correctly,Rob Austein
now that this bug isn't masked by the one I fixed earlier today. svn path=/trunk/; revision=4081
2011-11-10Prettyprinter for validation_status.Rob Austein
svn path=/trunk/; revision=4080
2011-11-10Andrew's torture tests detected a mis-ordering problem inRob Austein
walk_ctx_loop_init(): need to bump walk state -before- looking for files not in manifest. svn path=/trunk/; revision=4079
2011-11-10move settings.py for portal gui django app to ${sysconfdir}/rpki since it ↵Michael Elkins
really is a configuration file svn path=/branches/tk103/; revision=4078
2011-11-10CleanupRob Austein
svn path=/trunk/; revision=4077
2011-11-10Minor changes I forgot to check in.Rob Austein
svn path=/trunk/; revision=4076
2011-11-03RIPE pilot program Trust Anchor LocatorRob Austein
svn path=/trunk/; revision=4074
2011-11-02Clean up old PF_UNIX inodes in sockets/ subdirectory. This closes #118.Rob Austein
svn path=/trunk/; revision=4073
2011-10-30CleanupRob Austein
svn path=/trunk/; revision=4072
2011-10-30use combination of AKI and issuer name to look up parent cert since the same ↵Michael Elkins
public key can be used in multiple certs svn path=/trunk/; revision=4071
2011-10-30TAL for ARIN pilot, supplied by Alex Band (thanks!)Rob Austein
svn path=/trunk/; revision=4070
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-22 04:31:42 +0000