aboutsummaryrefslogtreecommitdiff
path: root/rpkid/rpki/x509.py
AgeCommit message (Collapse)Author
2012-09-03Switch X501DN to use (new) POW format internally.Rob Austein
svn path=/branches/tk274/; revision=4690
2012-09-02Checkpoint of tweaks to rpki.x509.X501DN class prior to flipping thatRob Austein
class to use POW instead of POW.pkix. svn path=/branches/tk274/; revision=4689
2012-08-20Extend insecure-debug-only-rsa-key hack to something we can use withRob Austein
rpkic under yamltest. svn path=/branches/tk274/; revision=4649
2012-08-14Add POW C function to pull SKI from a certificate, so we can bypassRob Austein
the slower POW.pkix code in what profiling suggests is a serious hotspot during manifest generation. See #20, #274. svn path=/branches/tk274/; revision=4631
2012-08-10Add debug-only hack to let us reuse RSA keys from previous test runs.Rob Austein
Totally insecure. DO NOT USE THIS IN PRODUCTION. We may want to remove this before merging this branch back to trunk, but I've tried to make it difficult to hurt oneself with this by accident, and it makes a big difference in CPU time spent generating keys on large test runs. svn path=/branches/tk274/; revision=4628
2012-08-08Checkpoint of work to date, see #274 and #275.Rob Austein
svn path=/branches/tk274/; revision=4623
2012-08-07Safe mapping functions for OIDs, now that we're using the same code toRob Austein
deal with BPKI certificates with all the whacky distinguished name fields allowed by X.509, or at least by PKIX. See #279. svn path=/trunk/; revision=4621
2012-07-06Implement CMS-timestamp-based replay protection. Closes #35.Rob Austein
svn path=/trunk/; revision=4586
2012-07-03Add .mnf to dispatch list for backwards compatability.Rob Austein
svn path=/trunk/; revision=4569
2012-07-03Add more data to pubd log line, to aid tracking flow of objectsRob Austein
through the RPKI system. svn path=/trunk/; revision=4567
2012-05-10rpki.x509.DeadDrop.dump() should not abort the calling function forRob Austein
any reason. svn path=/trunk/; revision=4482
2012-05-09Fail gracefully if we can't initialize or write to DeadDrop mailbox.Rob Austein
svn path=/trunk/; revision=4480
2012-02-09merge with /trunkMichael Elkins
svn path=/branches/tk161/; revision=4321
2012-01-08Checkpoint. New irdbd now work, after some transaction voodoo.Rob Austein
svn path=/branches/tk100/; revision=4147
2011-12-16Checkpoint. Add EnumField. Debug CertificateManager.Rob Austein
svn path=/branches/tk100/; revision=4124
2011-12-15Checkpoint. Rewrote all the OOB-setup portions of rpkic to use newRob Austein
IRDB, which simplified the code considerably as a nice side effect. svn path=/branches/tk100/; revision=4123
2011-12-15Checkpoint. Add rpki.irdb.models.CertificateManager() to consolidateRob Austein
BPKI object creation logic. Move CSV code out of rpkic. svn path=/branches/tk100/; revision=4122
2011-12-14Start hacking replacement for myrpki comamnd (rpkic) which uses theRob Austein
new Django-model-based entitydb and IRDB. svn path=/branches/tk100/; revision=4121
2011-12-13Flesh out BPKI methodsRob Austein
svn path=/branches/tk100/; revision=4118
2011-12-12Checkpoint. Custom IRDB model fields to handle automatic typeRob Austein
conversion. Debug last night's rewrite of BPKI certificate issuance. svn path=/branches/tk100/; revision=4117
2011-12-12Checkpoint. Add X501DN abstraction, start sorting out BPKI generation code.Rob Austein
svn path=/branches/tk100/; revision=4116
2011-10-07Fix bug in [4025], clean up PKCS 10 checking a bit more (see #6).Rob Austein
svn path=/rpkid/rpki/x509.py; revision=4028
2011-10-07Tighten up PKCS 10 request checking (closes #6).Rob Austein
svn path=/rpkid/rpki/oids.py; revision=4025
2011-10-05Add global traceback control; this closes #95. Clean up someRob Austein
"except:" clauses that should have been "except Exception:". svn path=/rpkid/rpki-sql-setup.py; revision=4014
2011-10-04More explicit certificate expiration checks in CMS verify (see #94).Rob Austein
svn path=/rcynic/rcynic.c; revision=4012
2011-10-04Add explicit check for certificate expiration in CMS verify (see #94).Rob Austein
svn path=/rpkid/rpki/exceptions.py; revision=4011
2011-10-04Don't spew to stderr if dumpasn1 isn't available when we want to dumpRob Austein
CMS that doesn't validate (see #94). Switch CMS-dumping code to use OpenSSL library code rather than dumpasn1 -- dumpasn1 is prettier, but not enough prettier to be worth making people install yet another freaking program that's only used to diagnose strange failures. svn path=/rpkid/rpki/x509.py; revision=4010
2011-10-04Catch IOError when dumping bad CMS (see #94).Rob Austein
svn path=/rpkid/rpki/x509.py; revision=4008
2011-07-25Printouts of lists of certificates and CRLs do not make good exception stringsRob Austein
svn path=/rpkid/rpki/x509.py; revision=3942
2011-06-14do not fail if AIA extension is missing since None is a valid return valueMichael Elkins
svn path=/rpkid/rpki/x509.py; revision=3869
2011-06-09add preliminary support for the ghostbusters recordMichael Elkins
svn path=/rpkid/rpki/ghostbuster.py; revision=3857
2011-04-27First whack at some of the silliest logging codeRob Austein
svn path=/rpkid/rpki/async.py; revision=3793
2011-03-26Don't fail in diagnostic code in dumpasn1 isn't availableRob Austein
svn path=/rpkid/rpki/x509.py; revision=3743
2011-03-21First cut at Ghostbusters support.Rob Austein
svn path=/rpkid/irdbd.sql; revision=3730
2011-03-18Add @property decorators to a bunch of methods that are just syntacticRob Austein
sugar around cached SQL object fetches. Checkpoint of incomplete support for Ghostbusters reords. Clean up a few extraneous imports. svn path=/rpkid/Makefile.in; revision=3725
2011-01-04POW => rpki.POWRob Austein
svn path=/pow/POW-0.7/lib/pkix.py; revision=3598
2010-11-14Implement "reissue" left-right operation. Reformat some doc strings.Rob Austein
svn path=/rpkid/irbe_cli.py; revision=3551
2010-11-10Fix handling of inheritance in EE certsRob Austein
svn path=/rpkid/rootd.py; revision=3544
2010-10-07Merge rpkid.without_tls/ branch to rpkid/ trunk.Rob Austein
svn path=/rpkid/Makefile; revision=3465
2010-09-15Convert interface between Python and OpenSSL to use GeneralizedTimeRob Austein
syntax for both GeneralizedTime and UTCTime: bad enough that the ASN.1 code has to know about Y2050 madness, there's no sane reason why application code should need to know. svn path=/pow/POW-0.7/POW.c; revision=3448
2010-09-10Refactor .wrap()/.unwrap() code prior to adding CMS timestamp checks.Rob Austein
svn path=/rpkid/irdbd.py; revision=3445
2010-09-09Downgrade syslog priority of a few messagesRob Austein
svn path=/rpkid/rpki/https.py; revision=3444
2010-09-07Add support for extracting signingTime from CMS messages.Rob Austein
svn path=/pow/POW-0.7/POW.c; revision=3440
2010-09-03Add new "Auto_update" flavor of DER objects: this is like Auto_file,Rob Austein
but saves the filename from which it was loaded, and attempts to reload itself automatically if the file's st_mtime changes. svn path=/rpkid/irdbd.py; revision=3439
2010-09-03Restrict extra identity checks for trusted BPKI EE certificates toRob Austein
subject name and public key, so that things won't come to a grinding halt if BPKI certificates are updated while daemons are running. svn path=/rpkid/rpki/x509.py; revision=3438
2010-08-29Break XML packet dumps into multiple lines when logging schemaRob Austein
validation errors. svn path=/rpkid/rpki/publication.py; revision=3431
2010-03-16Update copyright noticesRob Austein
svn path=/rpkid/irbe_cli.py; revision=3107
2010-02-24CheckpointRob Austein
svn path=/rpkid/rpki/async.py; revision=3006
2010-02-24Checkpoint. <list_received_resources/> still not quite working yet, but ↵Rob Austein
getting closer. svn path=/rpkid/irbe_cli.py; revision=3005
2010-01-05Tweaks to DeadDrop Maildir format.Rob Austein
svn path=/rpkid/rpki/x509.py; revision=2928
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-05 18:12:32 +0000