aboutsummaryrefslogtreecommitdiff
path: root/rcynic
AgeCommit message (Collapse)Author
2011-10-06Move fcntl(F_SETFL, O_NONBLOCK) to after fork().Rob Austein
svn path=/rcynic/rcynic.c; revision=4017
2011-10-05Check manifest generation before whining about missing backup objects. This ↵Rob Austein
closes #93. svn path=/rcynic/rcynic.c; revision=4013
2011-10-04More explicit certificate expiration checks in CMS verify (see #94).Rob Austein
svn path=/rcynic/rcynic.c; revision=4012
2011-10-03Fixes #93. New config parameter allow-digest-mismatch, default isRob Austein
warn and allow. Digest mismatch is now a warning message only. Missing object that's listed in manifest is now logged as a serious problem. At the moment, we do this for missing objects in both current and backup generations. I'm not sure that's right, might make more sense to log this only for current generation, but let's try running this way for a little while to see what patterns show up. svn path=/rcynic/README; revision=4007
2011-09-29Tweak logging levels for what's debugging vs what's mergely verboseRob Austein
when logging stuff related to rsync subprocesses. svn path=/rcynic/rcynic.c; revision=4004
2011-09-29Remove gratuitous and incorrect assertion unmasked by [4002].Rob Austein
This fixes #91. svn path=/rcynic/rcynic.c; revision=4003
2011-09-29Add rsync_state_closed: pipe from rsync has closed, but rsync hasn'tRob Austein
exited yet. Dunno why this happens, but it does. Apply upper bound to how long rcynic goes to sleep for any one select(); pity kqueue() isn't portable, that'd be a better solution. This closes #87. svn path=/rcynic/rcynic.c; revision=4002
2011-09-24CleanupRob Austein
svn path=/rcynic/bio_f_linebreak.c; revision=4000
2011-09-23Compiler warningRob Austein
svn path=/rcynic/rcynic.c; revision=3999
2011-09-23Minor doc edit, needed to be done, but real purpose of this changesetRob Austein
is to see whether this commit closes #83 properly. svn path=/rcynic/README; revision=3998
2011-09-23Handle multiple CRLs from same issuer properly, or as properly as IRob Austein
know how to manage. Cache values we use on every call to check_x509() in the walk_ctx_t. This closes #83. svn path=/rcynic/rcynic.c; revision=3997
2011-09-21rcynic is now more than one file.Rob Austein
svn path=/rcynic/Doxyfile; revision=3996
2011-09-21Still more #83: rework CRL digest check to allow local policy, addRob Austein
check (warning only) of CRLDPs in other objects against manifest EE certificate CRLDP. svn path=/rcynic/README; revision=3995
2011-09-20Further #83: rework check_manifest() to compare manifest numbers,Rob Austein
postpone CRL digest check until we've picked the manifest. svn path=/rcynic/rcynic.c; revision=3993
2011-09-19Progress (not complete) on #83: check CRL numbers rather than justRob Austein
blindly accepting current when both exist, further nit-picky checks (AKI, CRL extensions, CRL and certificate versions). svn path=/rcynic/rcynic.c; revision=3992
2011-09-16Rework CMS checking to use check_x509(). (#82)Rob Austein
Start cleaning up tangled mess of interlocked checks between CRL and manifests. (#83) svn path=/rcynic/README; revision=3991
2011-09-15Consolidate and rationalize validation status codes. (#81)Rob Austein
svn path=/rcynic/rcynic.c; revision=3988
2011-09-15Check TAL URI properly. (#80)Rob Austein
Clean up a bit of dead code. svn path=/rcynic/rcynic.c; revision=3987
2011-09-15Merge rcynic-ng/ back into rcynic/. Used svn merge --ignore-ancestryRob Austein
to minimize problems for people mirroring the repository. svn path=/configure; revision=3985
2011-09-01Clean up old APNIC trust anchor, long since replaced by TAL.Rob Austein
svn path=/rcynic-ng/sample-trust-anchors/apnic.cer; revision=3965
2011-06-27Construct file:// URI to name local trust anchorsRob Austein
svn path=/rcynic-ng/rcynic.c; revision=3901
2011-06-17Log validation status of trust anchors tooRob Austein
svn path=/rcynic/rcynic.c; revision=3886
2011-06-12Preserve timestamps when copying files.Rob Austein
svn path=/rcynic-ng/rcynic.c; revision=3864
2011-06-07First kill() the subprocess, *then* wait for it to exit. Doh.Rob Austein
svn path=/rcynic/rcynic.c; revision=3855
2011-05-09First cut at scanning both manifest and directory. Disabled byRob Austein
default, because not really right yet: doesn't pay close enough attention to manifest staleness, and doesn't handle directory with multiple manifests gracefully. svn path=/rcynic/rcynic.c; revision=3809
2011-05-07Clean up URI cache checks; fix bug introduced in previous editRob Austein
(walk_cert_1() call that should have been walk_cert_2()). svn path=/rcynic/rcynic.c; revision=3805
2011-05-07Tighten up various checksRob Austein
svn path=/rcynic/rcynic.c; revision=3803
2011-05-06DESTDIRRob Austein
svn path=/rcynic/installation-scripts/darwin/install.sh; revision=3802
2011-05-06DESTDIRRob Austein
svn path=/pywrap/Makefile.in; revision=3801
2011-04-21doxygen -uRob Austein
svn path=/rcynic/Doxyfile; revision=3782
2011-04-21Tweak Doxygen stuffRob Austein
svn path=/rcynic/Makefile.in; revision=3780
2011-04-20Finish Makefile support for Doxygen.Rob Austein
svn path=/rcynic/Makefile.in; revision=3779
2011-04-20SEPARATE_MEMBER_PAGES is a big win for a large single-file program.Rob Austein
svn path=/rcynic/Doxyfile; revision=3778
2011-04-13Don't allow EKU extension in CA certs.Rob Austein
svn path=/rcynic/rcynic.c; revision=3771
2011-04-13First cut at restricting X.509v3 extensions to only those allowed by profile.Rob Austein
svn path=/rcynic/rcynic.c; revision=3770
2011-04-04fix rcynic linux installation script to work on x86_64Michael Elkins
svn path=/rcynic/installation-scripts/linux/install.sh.in; revision=3759
2011-03-30Make make-tal.sh executableRob Austein
svn path=/rcynic/make-tal.sh; revision=3750
2011-03-22Blank line for better readabilityRob Austein
svn path=/rcynic/make-tal.sh; revision=3735
2011-03-22First cut at Ghostbuster record support. Doesn't (yet?) checkRob Austein
anything about the VCard itself. CMS checking code could stand refactoring if I can figure out a sane way to do it while still postponing expensive signature checks until after the cheaper checks. svn path=/rcynic/Makefile.in; revision=3734
2011-03-17Updated BBN testbed TAL per request from Andrew ChiRob Austein
svn path=/rcynic/sample-trust-anchors/bbn-testbed.tal; revision=3724
2011-02-18APNIC accidently whacked their testbed RPKI TA, so update TALRob Austein
svn path=/rcynic/sample-trust-anchors/testbed-apnicrpki.tal; revision=3683
2011-02-12running rsync in a chroot under CentOS 5.x requires libresolv.so.2Michael Elkins
svn path=/rcynic/installation-scripts/linux/install.sh.in; revision=3676
2011-02-12quick fix to use -n argument to useradd when executed on CentOSMichael Elkins
svn path=/rcynic/installation-scripts/linux/install.sh.in; revision=3675
2011-01-28Whack this into working on Ubuntu 10.04Rob Austein
svn path=/configure; revision=3672
2011-01-28Autoconf installation script for rcynic on Linux, because at least oneRob Austein
required program (awk) lives in different places in different distros. rcynic installation parameters probably ought to be configurable via autoconf too, but don't worry about that for now. svn path=/configure; revision=3671
2011-01-26s/wheel/root/gRob Austein
svn path=/rcynic/installation-scripts/linux/install.sh; revision=3668
2011-01-26Twisty maze of shell scriptsRob Austein
svn path=/rcynic/Makefile.in; revision=3667
2011-01-26Update distcleanRob Austein
svn path=/rcynic/Makefile.in; revision=3666
2011-01-26Jailed rcynic installation working (I think) on Fedora. Remains to beRob Austein
seen whether it works on any other Linux distro. What a mess. svn path=/configure; revision=3665
2011-01-25Feh, need to hard-link /var/run/mDNSResponder into jailRob Austein
svn path=/rcynic/installation-scripts/darwin/RCynic/RCynic; revision=3664
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-06 10:58:05 +0000