Age | Commit message | Author |
|
svn path=/trunk/; revision=4560
|
|
mandatory-to-support CMS signatureAlgorithm OID. All known existing
RPKI engines and validators use CMS engines which follow the base CMS
specifications, so this is almost certainly an error in RFC 6485.
Allow either rsaEncryption or sha256WithRSAEncryption, pending
resolution of this issue by the IETF SIDR WG.
svn path=/trunk/; revision=4554
|
|
svn path=/trunk/; revision=4553
|
|
svn path=/trunk/; revision=4551
|
|
svn path=/trunk/; revision=4550
|
|
svn path=/trunk/; revision=4549
|
|
svn path=/trunk/; revision=4548
|
|
svn path=/trunk/; revision=4547
|
|
svn path=/trunk/; revision=4542
|
|
svn path=/trunk/; revision=4538
|
|
svn path=/trunk/; revision=4407
|
|
svn path=/trunk/; revision=4392
|
|
svn path=/trunk/; revision=4391
|
|
svn path=/trunk/; revision=4385
|
|
check it (eg, recent AfriNIC incident). Fixes #187.
svn path=/trunk/; revision=4382
|
|
from command line, to simplify use with alternate fetch mechanisms.
svn path=/trunk/; revision=4371
|
|
file when we can't run to completion, eg, when some other process is
sitting on our lock file. This closes #184.
svn path=/trunk/; revision=4335
|
|
svn path=/trunk/; revision=4334
|
|
1024-bit RSA keys for EE certificates, or so some of the implementors
believe, so downgrade that error to a warning for now. This is
configurable using the "allow-1024-bit-ee-key" option and defaults to
allowing such keys with a warning for now, but that default is subject
to change.
svn path=/trunk/; revision=4331
|
|
svn path=/trunk/; revision=4284
|
|
having an alternate URI, do check the whole extension rather than
stopping on first success.
svn path=/trunk/; revision=4280
|
|
svn path=/trunk/; revision=4277
|
|
attempting to share between different kinds of signed objects. This
closes #82.
svn path=/trunk/; revision=4276
|
|
svn path=/trunk/; revision=4275
|
|
apparently ASID extensions are legal in EE certificates for ROAs,
although given the other constraints I can't think of a sane reason
why this is allowed when so much else is nailed down.
svn path=/trunk/; revision=4269
|
|
svn path=/trunk/; revision=4268
|
|
Use ASN1_INTEGER_cmp() instead of ASN1_INTEGER_get(), the latter's
behavior is too quirky.
Add config variable allowing compatibility with manifest EE certs that
have no SIA extension, which is a technical violation of the spec,
albeit a harmless one as far as I can tell; at present, the default
for this variable allows these manifests, at some point the default
will flip to disallow, as a first step towards phasing this out.
svn path=/trunk/; revision=4267
|
|
svn path=/trunk/; revision=4265
|
|
svn path=/trunk/; revision=4264
|
|
svn path=/trunk/; revision=4263
|
|
svn path=/trunk/; revision=4262
|
|
checks, RFC 3779 canonical form checks, other nits. Closes #172.
svn path=/trunk/; revision=4261
|
|
check_ta() as first step towards fixing extension checks (closes #107,
see #172).
svn path=/trunk/; revision=4260
|
|
svn path=/trunk/; revision=4259
|
|
svn path=/trunk/; revision=4258
|
|
svn path=/trunk/; revision=4257
|
|
svn path=/trunk/; revision=4256
|
|
(defaults off) to make nonconformant issuer and subject names fatal.
svn path=/trunk/; revision=4255
|
|
now that this bug isn't masked by the one I fixed earlier today.
svn path=/trunk/; revision=4081
|
|
walk_ctx_loop_init(): need to bump walk state -before- looking for
files not in manifest.
svn path=/trunk/; revision=4079
|
|
unnecessary. Add missing assertion. See #112.
svn path=/trunk/; revision=4068
|
|
svn path=/trunk/; revision=4067
|
|
three or more paths to a given object in pathological cases, but doing
better would require us to record the parent URI for every check and
recheck, which doesn't seem worth it for the expected usage. So we
don't choose the freshest object in really sick cases. Tough noogies.
svn path=/trunk/; revision=4066
|
|
svn path=/trunk/; revision=4060
|
|
svn path=/trunk/; revision=4059
|
|
rc->rsync_cache and rc->dead_host_cache have merged, acquired
timestamps, and been renamed rc->rsync_history. Revised code is
simpler, even. This is most of #110, but addition of connection data
to XML output still needs to be done.
rc->backup_cache is gone, as the information it held was a subset of
what we were already keeping in rc->validation_status. This was most
of the groundwork for #109, but code still needs tweaking to perform
this sort of check for objects other than certificates.
svn path=/trunk/; revision=4058
|
|
event codes.
svn path=/trunk/; revision=4047
|
|
svn path=/trunk/; revision=4044
|
|
to understand rcynic's output.
svn path=/trunk/; revision=4043
|
|
svn path=/trunk/; revision=4042
|