From 7cd197b5a208ba4dc9b2430f9e20e28f504e7892 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Mon, 7 Apr 2008 23:02:39 +0000 Subject: Hideously inefficient first cut at dynamic TLS trust anchor handling. With this enabled, client certificate validation finally works. Efficiency issues deferred until new trust anchor model is in place, since it will need to be rewritten at that point anyway. svn path=/rpkid/rpki/gctx.py; revision=1628 --- rpkid/testbed.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'rpkid/testbed.py') diff --git a/rpkid/testbed.py b/rpkid/testbed.py index daa73f50..a6843a08 100644 --- a/rpkid/testbed.py +++ b/rpkid/testbed.py @@ -409,7 +409,7 @@ class allocation(object): def apply_revoke(self, target): if self.is_leaf(): rpki.log.info("Attempting to revoke YAML leaf %s" % self.name) - subprocess.check_call((prog_python, prog_poke, "-y", self.name + ".yaml", "-r", "revoke")) + subprocess.check_call((prog_python, prog_poke, "-y", self.name + ".yaml", "-r", "revoke", "-d")) elif target is None: rpki.log.info("Revoking %s" % self.name) self.call_rpkid(rpki.left_right.self_elt.make_pdu(action = "set", self_id = self.self_id, revoke = "yes")) @@ -634,8 +634,8 @@ class allocation(object): def run_yaml(self): """Run YAML scripts for this leaf entity.""" rpki.log.info("Running YAML for %s" % self.name) - subprocess.check_call((prog_python, prog_poke, "-y", self.name + ".yaml", "-r", "list")) - subprocess.check_call((prog_python, prog_poke, "-y", self.name + ".yaml", "-r", "issue")) + subprocess.check_call((prog_python, prog_poke, "-y", self.name + ".yaml", "-r", "list", "-d")) + subprocess.check_call((prog_python, prog_poke, "-y", self.name + ".yaml", "-r", "issue", "-d")) def setup_biz_cert_chain(name): """Build a set of business certs.""" @@ -764,6 +764,7 @@ cms-cert-chain-file: [ %(my_name)s-RPKI-CA.cer ] ssl-cert-file: %(my_name)s-RPKI-EE.cer ssl-key-file: %(my_name)s-RPKI-EE.key ssl-ca-cert-file: %(parent_name)s-RPKI-TA.cer +ssl-cert-chain-file: [ %(my_name)s-RPKI-CA.cer ] requests: list: -- cgit v1.2.3