| Age | Commit message (Collapse) | Author |
|---|
|
|
|
queue element around once it is sent to the parser process. Instead just
keep a count of pending entities and make the parser send back the entity
type instead of the id (since this is the only field needed to figure out
what to do).
OK job@
|
|
data between processes. This completely decouples the write side.
rpki-client can't really use the imsg framework but it can use the ibuf
bits wich imsg is built on.
OK benno@ job@
|
|
OK claudio@
|
|
extra has_xyz integers to indicate if the following buffer is present
or not. At the same time sprinkle some asserts for strings which must
be not NULL.
OK tb@
|
|
empty strings. There are no empty strings being passed around but a
fair amount of optional strings and this will simplify this code.
OK tb@
|
|
location and the filename of the referenced file. Use the same method
both in main.c and mft.c which is a fair bit simpler than using calloc
and strlcpy/strlcat to build the string by hand.
OK tb@
|
|
|
|
provided vcard payload. This change verifies the certificate of the .gbr
file and makes sure it is valid (like we do for e.g. .roa files).
OK job@
|
|
hash even if rpki-client ignores this file later on.
OK job@
|
|
ispunct characters. Everything else is fishy and so block those early on.
OK millert@ job@
|
|
Found by naddy@
|
|
OK naddy@
|
|
internally. This is a step in direction of more async aware io in rpki-client.
Now everything uses a buffer which is then written.
OK tb@
|
|
OK deraadt@
|
|
|
|
There is currently dead code in mft_parse() that handles stale
manifests by setting the stale flag and removing all files they
reference. This code was made unreachable in a refactor that
fixed a logic error that made mft_parse() succeed despite its
error handling. check_validity() returns three possible values.
Report failures and stale mfts back immediately via rc. Success
needs to reset rc to -1, so subsequent errors are reported as
such.
This is mostly cosmetic and only changes the rpki-client output
in that the comment at the top of the config now actually shows
stale manifests. This makes regress pass again.
ok claudio job
|
|
|
|
The check_validity() function used the X509_cmp_time() functions with
GeneralizedTime. This doesn't work with current dates since LibreSSL
enforces conformance with RFC 5280 in X509_cmp_time(), which requires
that dates before 2050 are represented with UTCTime. The functions
would return an error, but missing error checking led to failing to
detect expired or not yet valid manifests. Fix this by converting the
dates into struct tm and using ASN1_time_tm_cmp() instead.
With input from claudio, jsing
ok benno claudio jsing
|
|
validated certs / tals and there is no need to double check if the URIs
point to the right resource again. rtype_resolve() is now unused and can
be removed.
OK tb@
|
|
Instead of rsync_uri_parse() check the start of the uri for rsync:// and
also check that the uri ends in .mft.
OK tb@
|
|
|
|
OK claudio@ deraadt@
|
|
The URI are sorted which results in preferrence of https URI.
To make rpki-client's handling easier enforce that all URI use the same
filename.
OK benno@
|
|
path to that resource. This will be needed for future RRDP support.
Additionally support more then one TAL URI and select the rsync URI
in that list. Finally queue_add_from_cert() got modified to include
both the rsync URI and the RRDP notify URI (which is still unused).
OK benno@
|
|
allocated with EVP_ENCODE_CTX_new(). Do this once on the first call
and keep the context around for all subsequent calls.
OK tb@ and benno@
|
|
in the main loop. This removes a few portability issues.
OK benno@
|
|
an argument. Will help with further changes.
OK benno@
|
|
Use errx(), remove the extra \n and use the correct argument (-s not -t).
|
|
to the -lcrypto base64 decoder using EVP_Decode* this is more portable.
With and OK tb@, OK benno@ (on a less polished version)
|
|
sure benno@
|
|
(for an amusing long time), so that the partnership with cron "~ -ns" could
not make progress ingesting new ROAs. Add a "-s timeout" feature (default 1H,
0 to disable) after which rpki-client gives up the ghost, allowing cron to
perform a fresh try. Log loudly when this occurs.
ok job claudio beck
|
|
there in structs and prototypes. Remove the openssl/ssl.h and other strange
openssl includes in the .c files that don't use openssl specific functions.
OK beck@ and tb@
|
|
|
|
main.c is too crowded
OK deraadt@
|
|
ok claudio@
|
|
is no reason to run the rsync subprocess. Just immediatly make the
repo valid when inserting it to the repo_list.
OK benno@ (some time ago)
|
|
Should hopefully fix an issue seen by Robert Scheck
OK deraadt@
|
|
what is used for adding other certificates.
-Don't call X509_verify on trust anchors for no reason.
-Add basic checks for TA certificate (subject can parse, cert is not expired)
-Add some useful error reporting if the TA cert we fetched is no good.
ok claudio@
|
|
Extract the notify URL from the cert if it is available and pass it back to
the parent process. The parent process can then use this info to load the
repo via RRDP instead of rsync.
OK benno@ (some long time ago)
|
|
Feedback and ok cladio@
ok patrick@, tb@
|
|
The -f option existed for some initial debugging work.
Thanks Weerd for review
OK claudio@
|
|
use the files referenced in the manifests to build up a list of files
to keep and remove anything that is not in the list after doing the
full computation.
OK job@ benno@
|
|
outside of ppoll() it is possible that multiple processes exited before
waitpid is called. Because of this all childs need to be picked up and
not only one. Fixes a hang seen more often now since there is a lot more
repositories to sync.
OK deraadt@ who came up with a very similar fix also OK job@ benno@
|
|
|
|
preserve symbolic links in the repositories.
From Robert Scheck < robert at fedoraproject.org >
|
|
preserve symbolic links. Instead just ignore them.
OK benno@ deraadt@
|
|
ok job, input claudio benno
|
|
ok job
|
|
OK deraadt@
|
