path: root/rcynic
| Age | Commit message | Author |
|---|---|---|
| 2014-04-05 | Source tree reorg, phase 1. Almost everything moved, no file contents changed. svn path=/branches/tk685/; revision=5757 | Rob Austein |
| 2014-03-06 | Clang found a few issues. svn path=/trunk/; revision=5698 | Rob Austein |
| 2014-02-27 | More router certificate checks. svn path=/trunk/; revision=5689 | Rob Austein |
| 2014-02-26 | Add EKU checks for BGPSEC router certificates, now that we have a value for id-kp-bgpsec-router. svn path=/trunk/; revision=5687 | Rob Austein |
| 2014-01-22 | Add --help and long option names to rcynic. svn path=/trunk/; revision=5641 | Rob Austein |
| 2014-01-10 | Even more getopt -> argparse. svn path=/trunk/; revision=5627 | Rob Austein |
| 2014-01-10 | Still more getopt -> argparse. svn path=/trunk/; revision=5625 | Rob Austein |
| 2014-01-09 | Update more copyrights, clean up module doc blocks. svn path=/trunk/; revision=5624 | Rob Austein |
| 2013-12-19 | Rewrite all uses of readdir() to avoid using on dirent d_type field. Some of this code was fairly unreadable, so this turned into a general clean up of the affected functions. See #660. svn path=/trunk/; revision=5610 | Rob Austein |
| 2013-12-17 | Handle subprocess exit codes more gracefully. svn path=/trunk/; revision=5609 | Rob Austein |
| 2013-11-23 | Emit better(?) error message when we hit can't open a TAL file. Fixes #113. svn path=/trunk/; revision=5603 | Rob Austein |
| 2013-11-22 | Add object count table, per ancient request from Keyur. See #10. svn path=/trunk/; revision=5602 | Rob Austein |
| 2013-11-22 | Conformance: Make sure CMS contains exactly one certificate and that it matches the certificate specified by the SignerInfo. svn path=/trunk/; revision=5600 | Rob Austein |
| 2013-11-22 | Check certificate policy for qualifiers: allow id-qt-cps with a warning, since there's a WG draft about that, reject anything else. Fixes #640. svn path=/trunk/; revision=5599 | Rob Austein |
| 2013-11-22 | Add NIDs for OIDs OpenSSL doesn't know about, convert all use of literal OIDs in rcynic to use the NID API. We could probably do something a bit prettier with a .h file built by a script, but this addresses the basic problem. Closes #263. svn path=/trunk/; revision=5598 | Rob Austein |
| 2013-11-21 | Typo svn path=/trunk/; revision=5592 | Rob Austein |
| 2013-11-07 | More precise checking of attributes in CMS SignerInfos. Fixes #644. svn path=/trunk/; revision=5588 | Rob Austein |
| 2013-11-07 | Check manifest validity dates against its EE certificate. Fixes #651. svn path=/trunk/; revision=5587 | Rob Austein |
| 2013-11-07 | Don't allow EKU in signed objects. Fixes #645. svn path=/trunk/; revision=5586 | Rob Austein |
| 2013-11-07 | JPNIC is now under APNIC testbed, so remove old jpnic.tal. svn path=/trunk/; revision=5585 | Rob Austein |
| 2013-11-06 | Check ROA max prefix length against prefix length. Fixes #648. svn path=/trunk/; revision=5584 | Rob Austein |
| 2013-11-06 | Check certificates for non-null SAFI. While we're at it, check for unknown AFI in case that somehow slips past OpenSSL. Fixes #641. svn path=/trunk/; revision=5583 | Rob Austein |
| 2013-11-06 | Check for manifestNumber too big. Fixes #652. svn path=/trunk/; revision=5582 | Rob Austein |
| 2013-11-06 | Check for certificate serial number too big. Fixes #642. svn path=/trunk/; revision=5581 | Rob Austein |
| 2013-11-06 | RFC 5280 restriction to 20 octets is 20 octets in two's complement, so max value has to allow for sign bit. See #642. svn path=/trunk/; revision=5580 | Rob Austein |
| 2013-10-09 | Fix inconsistent names for rpki-rtr's data directory. Fixes #635. svn path=/trunk/; revision=5559 | Rob Austein |
| 2013-09-09 | Send mail from rcynic-cron to root, not rcynic. Closes #610. svn path=/trunk/; revision=5488 | Rob Austein |
| 2013-07-30 | Log a warning if we accept an EE certificate when allow_ee_without_signedObject is active. Fixes #591. svn path=/trunk/; revision=5445 | Rob Austein |
| 2013-07-18 | GCC warning. svn path=/trunk/; revision=5439 | Rob Austein |
| 2013-07-17 | Sigh, RIPE's web page is confusing, going with what Tim said on the SIDR list, which suggests that they've collapsed down to a single TAL for both hosted and non-hosted pilot service. Closes #584. svn path=/trunk/; revision=5434 | Rob Austein |
| 2013-07-17 | RIPE's hosted pilot (different from RIPE's non-hosted pilot, which is also different from RIPE's production service). Closes #584. svn path=/trunk/; revision=5433 | Rob Austein |
| 2013-07-16 | Save rcynic-html for last in rcynic-cron, as it's less critical than tasks like feeding the rpki-rtr engine. Treat failure to find rrdtool as a fatal error during ./configure, to avoid building a version of rcynic-html that can't generate graphs. Closes #583. svn path=/trunk/; revision=5430 | Rob Austein |
| 2013-07-16 | Outdated comment. svn path=/trunk/; revision=5429 | Rob Austein |
| 2013-07-06 | Switch rpki-rtr sockets directory from being owned by "nobody" to being owned by another userid we invented, so kickme works right when not running --cronjob as root. See #557. May need more testing as I am committing this in haste at NRT RedRug and testing on VMs while in transit.... svn path=/trunk/; revision=5426 | Rob Austein |
| 2013-07-03 | APNIC's testbed TAL. svn path=/trunk/; revision=5424 | Rob Austein |
| 2013-06-27 | Report what we're doing before blocking select(). svn path=/trunk/; revision=5419 | Rob Austein |
| 2013-06-27 | Flip default for allow-object-not-in-manifest to false. svn path=/trunk/; revision=5418 | Rob Austein |
| 2013-06-27 | Don't whine about stale CRLs and manifests that are only stale because we check them before running rsync when rsync-early is off. svn path=/trunk/; revision=5417 | Rob Austein |
| 2013-06-19 | Name correction from JPNIC. svn path=/trunk/; revision=5414 | Rob Austein |
| 2013-06-18 | ".der" is not a legal filename suffix for a trust anchor certificate. See #492. svn path=/trunk/; revision=5413 | Rob Austein |
| 2013-06-14 | Pruning now keys off the validation_status database rather than the rsync_history database, which solves the problem of how to prune when we skip rsyncing publication points for which we have a cached current manifest. svn path=/trunk/; revision=5409 | Rob Austein |
| 2013-06-14 | Experimental feature: skip rsync_tree() if we have a valid manifest and haven't yet reached its nextUpdate time. Disabled by default, doesn't yet handle pruning correctly, may give surprising results. svn path=/trunk/; revision=5408 | Rob Austein |
| 2013-06-14 | [5389] removed code that installed default TALs as side effect of generating rcynic.conf. Oops. See #550. svn path=/trunk/; revision=5406 | Rob Austein |
| 2013-06-11 | Add mild degree of parallelism to default rcynic configuration. svn path=/trunk/; revision=5391 | Rob Austein |
| 2013-06-10 | Switch default configuration to use trust-anchor-directory. svn path=/trunk/; revision=5389 | Rob Austein |
| 2013-06-07 | Nit svn path=/trunk/; revision=5379 | Rob Austein |
| 2013-06-07 | Forgot a globfree(). svn path=/trunk/; revision=5378 | Rob Austein |
| 2013-06-06 | Consolidate to a single event loop, queue up all TALs at start. This makes things run a lot faster with multiple trust anchors. svn path=/trunk/; revision=5377 | Rob Austein |
| 2013-06-06 | Type signatures of rsync_*() and task_*() frameworks should not be so tightly coupled to walk_cert(). Checkpoint along the way to adding handlers for the check_ta*() functions so that we can run multiple trust anchors in parallel. svn path=/trunk/; revision=5374 | Rob Austein |
| 2013-06-06 | Reorganize TA handling code, add trust-anchor-directory directive. Latter is not yet fully tested, so not yet ready for prime time. svn path=/trunk/; revision=5373 | Rob Austein |