| Age | Commit message (Collapse) | Author |
|---|
|
svn path=/branches/tk705/; revision=6207
|
|
generations inside the loop over manifest entries.
svn path=/branches/tk705/; revision=6206
|
|
svn path=/branches/tk705/; revision=6205
|
|
from having SIA extensions, unlike all other RPKI certificates which
are required to have them.
Start moving RPKI conformance checks which can be performed in Python
out of POW.c, tag a bunch more for consideration.
svn path=/branches/tk705/; revision=6204
|
|
resolve immediately, just in case something throws an exception.
Don't try to be clever about when to yield in main object checking
loop: just trusting Tornado's scheduler to do the right thing seems to
give better rsync throughput.
svn path=/branches/tk705/; revision=6203
|
|
svn path=/branches/tk705/; revision=6202
|
|
svn path=/branches/tk705/; revision=6201
|
|
svn path=/branches/tk705/; revision=6200
|
|
matters more when object has a __str__() method.
svn path=/branches/tk705/; revision=6199
|
|
backup manifests, we just need to walk the best manifest we can find,
twice.
svn path=/branches/tk705/; revision=6198
|
|
which hasn't previously had X509_check_ca() called on it.
svn path=/branches/tk705/; revision=6197
|
|
svn path=/branches/tk705/; revision=6196
|
|
svn path=/branches/tk705/; revision=6195
|
|
results from the original rcynic, still some loose ends and unfinished
bits, and no support for RRDP yet (which was sort of the ultimate
point of the exercise), but approaching the point of being usable, and
about an order of magnitude shorter than the C original.
svn path=/branches/tk705/; revision=6194
|
|
svn path=/branches/tk705/; revision=6191
|
|
summary from rcynic-text.
svn path=/branches/tk705/; revision=6187
|
|
svn path=/branches/tk705/; revision=6186
|
|
svn path=/branches/tk705/; revision=6185
|
|
Get full rsync code working, history cache and all.
svn path=/branches/tk705/; revision=6184
|
|
issuer. Not sure we really need the complex issuer-finding code at
all anymore, but dumping core is not an appropriate form of social
criticism.
svn path=/branches/tk705/; revision=6183
|
|
svn path=/branches/tk705/; revision=6182
|
|
OpenSSL certificate verification errors.
svn path=/branches/tk705/; revision=6181
|
|
makes the C code considerably simpler.
svn path=/branches/tk705/; revision=6180
|
|
left to do, still need to add in stuff that we pushed out to Python
rather than trying to do in C (eg, a lot of the URI tests), but basics
seem to work. Checkpointing before attempting a major simplification
of the StatusCode mechanism.
svn path=/branches/tk705/; revision=6179
|
|
svn path=/branches/tk705/; revision=6178
|
|
svn path=/branches/tk705/; revision=6177
|
|
X509Store.verify() to X509.verify(). Result seems to run properly
with trivial modification to existing Python BPKI code.
RPKI extended validation via this interface (the real point of this
exercise) still not tested.
svn path=/branches/tk705/; revision=6176
|
|
POW.c, still totally untested. X.509 certificate validation is in a
transitional state, currently spiced with awful kludges so that we're
still doing the right thing cryptographically, albeit in a completely
disgusting way as far as the API is concerned. Serious cleanup
needed, but wanted to get a post-merge version with CMS and X.509
working again after the merge into the repository for backup.
svn path=/branches/tk705/; revision=6175
|
|
rcynic.c. New functionality not yet tested, but doesn't seem to have
broken break anything in the CA software.
(Previous commit accidently included POW.c, oops, but no harm done.)
svn path=/branches/tk705/; revision=6174
|
|
svn path=/branches/tk705/; revision=6173
|
|
Regenerate EE certificates along with everything else when activating
a new CADetail (ie, when rolling a CA key).
svn path=/branches/tk705/; revision=6172
|
|
hacks: in practice, we always bypassed it (except when we forgot...).
Make sure we revoke and withdraw the old certs and objects for ROAs
and Ghostbusters rather than the new ones during forced reissue.
svn path=/branches/tk705/; revision=6171
|
|
.publish_world_now() to something a little less whacky. Consolidate
fix for singleton URIs in SIA fields.
svn path=/branches/tk705/; revision=6170
|
|
Tweak publication callback mechanism to use uri instead of tag.
svn path=/branches/tk705/; revision=6169
|
|
svn path=/branches/tk705/; revision=6168
|
|
svn path=/branches/tk705/; revision=6167
|
|
svn path=/branches/tk705/; revision=6166
|
|
svn path=/branches/tk705/; revision=6165
|
|
rpkid_task code. Combine and simplify CRL and manifest generation.
svn path=/branches/tk705/; revision=6164
|
|
svn path=/branches/tk705/; revision=6163
|
|
understands Django's exotic metaclasses, which in turn allows us to
re-enable a number of pylint checks we had disabled. While we were at
this, stripped out a bunch of old pylint pragmas, then added back the
subset that were really needed. As usual with pylint, this turned up
a few real bugs along with an awful lot of noise.
svn path=/branches/tk705/; revision=6162
|
|
sequence trace code to rpki.rpkidb.models to assist in simplifying
some of the gratuitously complicated method call chains. Various
trivial PyLint cleanups.
svn path=/branches/tk705/; revision=6161
|
|
svn path=/branches/tk705/; revision=6160
|
|
through to X509 verification callback handler so it can record status
properly.
svn path=/branches/tk705/; revision=6159
|
|
RPKI validation in POW.c. So far this is mostly notes and the support
for the status code mechanism.
svn path=/branches/tk705/; revision=6158
|
|
svn path=/branches/tk705/; revision=6157
|
|
svn path=/branches/tk705/; revision=6156
|
|
for portability. With this change, the GUI appears to work with SQLite3.
svn path=/branches/tk705/; revision=6155
|
|
under yamltest. No obvious way to tell Django's CSRF protection to
allow this, not entirely sure we'd want to do so even if we could.
svn path=/branches/tk705/; revision=6154
|
|
running with new code base. Now working with
$ yamltest.py --sql mysql --gui smoketest.1.yaml
svn path=/branches/tk705/; revision=6153
|
