Age | Commit message | Author |
|
This fixes #218. I think.
svn path=/trunk/; revision=4393
|
|
svn path=/trunk/; revision=4392
|
|
svn path=/trunk/; revision=4391
|
|
in a previous run, which speeds this tediously slow script up by
something close to an order of magnitude.
svn path=/trunk/; revision=4390
|
|
about on the relying party side (time to fetch, time to validate).
svn path=/trunk/; revision=4389
|
|
very different schedules.
svn path=/trunk/; revision=4388
|
|
to "127.0.0.1". Feh.
svn path=/trunk/; revision=4387
|
|
configuration of our idea of the unauthenticated directory independent
of rcynic, to avoid interfering with chroot configuration.
svn path=/trunk/; revision=4386
|
|
svn path=/trunk/; revision=4385
|
|
svn path=/trunk/; revision=4384
|
|
svn path=/trunk/; revision=4383
|
|
check it (eg, recent AfriNIC incident). Fixes #187.
svn path=/trunk/; revision=4382
|
|
svn path=/trunk/; revision=4381
|
|
paramiko about it some day.
svn path=/trunk/; revision=4380
|
|
support atomic rename without a protocol extension which paramiko
doesn't support (yet?). Yeargh.
svn path=/trunk/; revision=4379
|
|
svn path=/trunk/; revision=4378
|
|
serial numbers, to avoid resetting these values when rootd reboots.
rootd is such a kludge. This fixes #214.
svn path=/trunk/; revision=4377
|
|
svn path=/trunk/; revision=4376
|
|
svn path=/trunk/; revision=4375
|
|
svn path=/trunk/; revision=4374
|
|
svn path=/trunk/; revision=4373
|
|
as the BitTorrent engine.
This is a work in progress, and doesn't yet include the hacks either
to generate torrents or to follow multiple torrents in parallel.
svn path=/trunk/; revision=4372
|
|
from command line, to simplify use with alternate fetch mechanisms.
svn path=/trunk/; revision=4371
|
|
svn path=/trunk/; revision=4370
|
|
svn path=/trunk/; revision=4356
|
|
svn path=/trunk/; revision=4355
|
|
left-right destroy action. Clean up empty publication directories on
withdrawal. Fix rootd's handling of CRLs and manifests. See #197.
svn path=/trunk/; revision=4354
|
|
just deletes the <self/> object. See #197.
svn path=/trunk/; revision=4352
|
|
svn path=/trunk/; revision=4347
|
|
svn path=/trunk/; revision=4346
|
|
svn path=/trunk/; revision=4345
|
|
file when we can't run to completion, eg, when some other process is
sitting on our lock file. This closes #184.
svn path=/trunk/; revision=4335
|
|
svn path=/trunk/; revision=4334
|
|
1024-bit RSA keys for EE certificates, or so some of the implementors
believe, so downgrade that error to a warning for now. This is
configurable using the "allow-1024-bit-ee-key" option and defaults to
allowing such keys with a warning for now, but that default is subject
to change.
svn path=/trunk/; revision=4331
|
|
closes #185
svn path=/trunk/; revision=4320
|
|
svn path=/trunk/; revision=4293
|
|
svn path=/trunk/; revision=4292
|
|
the soon-to-be RFC. Closes #37.
svn path=/trunk/; revision=4288
|
|
Up-down specification explicitly allows certificates and CRLs we
consider extraneous to be included in CMS messages. I think that any
verification model which relies on these is flawed, so I don't use
them, in fact, nobody does, but I was unable to convince my co-authors
to change the specification. Sigh. So the up-down code has to allow
these. In theory, OpenSSL's verification code should have no problem
picking the useful bits out of the garbage, since that's a normal part
of OpenSSL's job when acting as a TLS client, so we just pass the mess
along to OpenSSL and let OpenSSL sort it out.
This closes #9.
svn path=/trunk/; revision=4287
|
|
svn path=/trunk/; revision=4286
|
|
svn path=/trunk/; revision=4284
|
|
objects when the current objects at the same URL are OK. Enabled
(whining suppressed) by default, use the switch if you prefer the old
behavior. See #177.
svn path=/trunk/; revision=4281
|
|
having an alternate URI, do check the whole extension rather than
stopping on first success.
svn path=/trunk/; revision=4280
|
|
svn path=/trunk/; revision=4277
|
|
attempting to share between different kinds of signed objects. This
closes #82.
svn path=/trunk/; revision=4276
|
|
svn path=/trunk/; revision=4275
|
|
month's worth of data, but at least it now runs again.
svn path=/trunk/; revision=4273
|
|
apparently ASID extensions are legal in EE certificates for ROAs,
although given the other constraints I can't think of a sane reason
why this is allowed when so much else is nailed down.
svn path=/trunk/; revision=4269
|
|
svn path=/trunk/; revision=4268
|
|
Use ASN1_INTEGER_cmp() instead of ASN1_INTEGER_get(), the latter's
behavior is too quirky.
Add config variable allowing compatibility with manifest EE certs that
have no SIA extension, which is a technical violation of the spec,
albeit a harmless one as far as I can tell; at present, the default
for this variable allows these manifests, at some point the default
will flip to disallow, as a first step towards phasing this out.
svn path=/trunk/; revision=4267
|