| Age | Commit message (Collapse) | Author |
|---|
|
attempting to share between different kinds of signed objects. This
closes #82.
svn path=/trunk/; revision=4276
|
|
svn path=/trunk/; revision=4275
|
|
apparently ASID extensions are legal in EE certificates for ROAs,
although given the other constraints I can't think of a sane reason
why this is allowed when so much else is nailed down.
svn path=/trunk/; revision=4269
|
|
svn path=/trunk/; revision=4268
|
|
Use ASN1_INTEGER_cmp() instead of ASN1_INTEGER_get(), the latter's
behavior is too quirky.
Add config variable allowing compatability with manifest EE certs that
have no SIA extension, which is a technical violation of the spec,
albeit a harmless one as far as I can tell; at present, the default
for this variable allows these manifests, at some point the default
will flip to disallow, as a first step towards phasing this out.
svn path=/trunk/; revision=4267
|
|
svn path=/trunk/; revision=4265
|
|
svn path=/trunk/; revision=4264
|
|
svn path=/trunk/; revision=4263
|
|
svn path=/trunk/; revision=4262
|
|
checks, RFC 3779 canonical form checks, other nits. Closes #172.
svn path=/trunk/; revision=4261
|
|
check_ta() as first step towards fixing extension checks (closes #107,
see #172).
svn path=/trunk/; revision=4260
|
|
svn path=/trunk/; revision=4259
|
|
svn path=/trunk/; revision=4258
|
|
svn path=/trunk/; revision=4257
|
|
svn path=/trunk/; revision=4256
|
|
(defaults off) to make nonconformant issuer and subject names fatal.
svn path=/trunk/; revision=4255
|
|
now that this bug isn't masked by the one I fixed earlier today.
svn path=/trunk/; revision=4081
|
|
svn path=/trunk/; revision=4080
|
|
walk_ctx_loop_init(): need to bump walk state -before- looking for
files not in manifest.
svn path=/trunk/; revision=4079
|
|
svn path=/trunk/; revision=4074
|
|
svn path=/trunk/; revision=4072
|
|
svn path=/trunk/; revision=4070
|
|
svn path=/trunk/; revision=4069
|
|
unnecessary. Add missing assertion. See #112.
svn path=/trunk/; revision=4068
|
|
svn path=/trunk/; revision=4067
|
|
three or more paths to a given object in pathological cases, but doing
better would require us to record the parent URI for every check and
recheck, which doesn't seem worth it for the expected usage. So we
don't choose the freshest object in really sick cases. Tough noogies.
svn path=/trunk/; revision=4066
|
|
svn path=/trunk/; revision=4060
|
|
svn path=/trunk/; revision=4059
|
|
rc->rsync_cache and rc->dead_host_cache have merged, acquired
timestamps, and been renamed rc->rsync_history. Revised code is
simpler, even. This is most of #110, but addition of connection data
to XML output still needs to be done.
rc->backup_cache is gone, as the information it held was a subset of
what we were already keeping in rc->validation_status. This was most
of the groundwork for #109, but code still needs tweaking to perform
this sort of check for objects other than certificates.
svn path=/trunk/; revision=4058
|
|
svn path=/trunk/; revision=4050
|
|
svn path=/trunk/; revision=4049
|
|
needs much cleanup, but already runs an order of magnitude faster than
the XSL version.
svn path=/trunk/; revision=4048
|
|
event codes.
svn path=/trunk/; revision=4047
|
|
svn path=/trunk/; revision=4044
|
|
to understand rcynic's output.
svn path=/trunk/; revision=4043
|
|
svn path=/trunk/; revision=4042
|
|
runnable. [4018] changed rsync_run()'s behavior slightly, needed to
compensate for that to avoid skipping the next entry in the queue when
rsync_run() detects a cache hit. See #98 for the original problem.
svn path=/rcynic/rcynic.c; revision=4019
|
|
retrieved the data we want while this rsync was queued. Fixes #98.
svn path=/rcynic/rcynic.c; revision=4018
|
|
svn path=/rcynic/rcynic.c; revision=4017
|
|
closes #93.
svn path=/rcynic/rcynic.c; revision=4013
|
|
svn path=/rcynic/rcynic.c; revision=4012
|
|
warn and allow. Digest mismatch is now a warning message only.
Missing object that's listed in manifest is now logged as a serious
problem. At the moment, we do this for missing objects in both
current and backup generations. I'm not sure that's right, might make
more sense to log this only for current generation, but let's try
running this way for a little while to see what patterns show up.
svn path=/rcynic/README; revision=4007
|
|
when logging stuff related to rsync subprocesses.
svn path=/rcynic/rcynic.c; revision=4004
|
|
This fixes #91.
svn path=/rcynic/rcynic.c; revision=4003
|
|
exited yet. Dunno why this happens, but it does. Apply upper bound
to how long rcynic goes to sleep for any one select(); pity kqueue()
isn't portable, that'd be a better solution. This closes #87.
svn path=/rcynic/rcynic.c; revision=4002
|
|
svn path=/rcynic/bio_f_linebreak.c; revision=4000
|
|
svn path=/rcynic/rcynic.c; revision=3999
|
|
is to see whether this commit closes #83 properly.
svn path=/rcynic/README; revision=3998
|
|
know how to manage. Cache values we use on every call to check_x509()
in the walk_ctx_t. This closes #83.
svn path=/rcynic/rcynic.c; revision=3997
|
|
svn path=/rcynic/Doxyfile; revision=3996
|
