Age | Commit message | Author |
|
|
|
Add an extra state to distinguish in between chunks CRLF handling from
the last chunk which can optionally have some trailer fields included.
rpki-client ignores these trailer header fields (they are also not common
it seems).
Also remove the empty line handling in http_parse_chunked() for explicit
checks in http_read(). Because of the extra state the switch back to
non-chunked mode can now be delayed until the transfer is over.
OK tb@
|
|
In many places the HTTP allows for extra spaces which need to be ignored.
Similarly, the chunked encoding extensions are separated from the chunk size
by a ':' but the spec also allows for bad whitespaces in all shapes and
forms. Adjust the logic in http_parse_chunked() to stop when the first
space, tab or ':' is seen. There is no need to check for newlines since
those are stripped by http_get_line().
OK tb@
|
|
RFC9112 allows any amount of space/tabs between the ':' and the value.
Until now this code required exactly one space which works most of the
time but is not RFC compliant.
Problem reported by Ties de Kock (tdekock (at) ripe.net)
OK tb@
|
|
OK tb@
|
|
|
|
If a providerAS sets an afiLimit, subsequent providerAS that don't set it
would erroneously inherit that limit. Zero out the provider at the top of
the loop to avoid this problem.
ok job
|
|
ok job
|
|
OK claudio@
|
|
|
|
elements
The RSC ASN.1 templates make it impossible to pass an RFC3779-style inherit option
because of the use of ConstrainedIPAddressFamily and ConstrainedASIdentifiers.
OK tb@
|
|
Unify conformance checking of Trust Anchors, ROAs, ASPAs, RSCs - none of which
may have any 'inherit' elements in the RFC 3779 IP/AS Resources extension of
the X509 certificate.
OK tb@
|
|
to track the parent repository id of a publication point.
Nomenclature is confusing but not much we can do here.
OK tb@ job@
|
|
While currently everyone only uses a single location, the spec allows for
multiple locations ordered by preference. While rpki-client does not
support more than one location this should not be a fatal error. Instead,
pick the first location and warn if there is more than one.
ok job
|
|
ok claudio job (as part of a larger diff)
|
|
|
|
OK tb@
|
|
With this rpki-client has a chance to still finish and produce an output
even when a CA is excessively slow and holds back progress.
With and OK benno@ tb@ and job@
|
|
OK tb@ job@
|
|
then just failing the repo fetch but leaving the backends running.
OK tb@
|
|
The abort is done in a way that waits for any inflight files or http
requests to finish before removing the rrdp state and before sending
the rrdp done message indicating failure.
OK tb@ and benno@
|
|
The only caller does nothing with it.
with/ok claudio
|
|
|
|
directories in -n mode
OK claudio@
|
|
the limit on that queue instead of stopping to read new messages.
This is needed to implement an abort request.
"There is not enough RB_TREE in this diff" tb@
|
|
|
|
|
|
|
|
ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).
With feedback from tb@
OK claudio@ tb@
|
|
with/ok claudio
|
|
no longer valid while the newer file in the .rrdp directory is not (yet)
valid. In this case do not copy the old file over the newer file.
RRDP has no method to identify inconsistent repos (unlike rsync) so if
the wrong file is put in .rrdp it is not noticed apart from the
verification process failing for that file.
OK tb@ job@
|
|
Instead of copy-pasting valid_uri(), we can call the real thing. That's
also not ideal since we actually check for an FQDN, but it's a bit
simpler.
ok claudio
|
|
If there's an issue opening the default skip list file other than its
absence (most likely bad permissions), we should not silently ignore
that. Also, use err() instead of errx() to display the error.
Second, linelen, the return value of getline(), is not currently used.
Repurpose it to save the result of strcspn() which calculates the length
of the string we're interested in and use that instead of strlen().
ok claudio
|
|
Suggestion from claudio@
OK tb@
|
|
Add command line flag to print the certificate in PEM format.
OK tb@
|
|
OK tb@
|
|
OK tb@ claudio@
|
|
Explicitly forbidden in sections 2 and 5 of draft-ietf-sidrops-rpki-rsc-10.
looks good to claudio
|
|
The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.
Do this as part of ROA and RSC parsing, that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.
All this is a bit more annoying and intrusive than it should be...
ok claudio job
|
|
OK tb@
|
|
OK tb@
|
|
The EE Cert has just been allocated as part of deserializing the cms.
There is no need for an expensive copy, we can just keep a reference.
ok job
|
|
|
|
The ROA specification (RFC 6482 section 4) is a bit underspecified, however
in the wild the RFC 3779 AS Resources extension never ever appears on ROA EE
certificates, as it serves no purpose in the validation process.
OK tb@
|
|
If a repository is uncommunicative, rpki-client will try other transports,
or come back later (because of a next crontab invocation).
OK claudio@
|
|
hit this timeout. This is in line with the rsync code.
OK tb@ job@
|
|
OK claudio@
|
|
OK sthen@
|
|
the cachedir and if output files are written to outputdir. In -f mode
the unveil can be read-only; in normal operation rwc is required because
the main process writes the RRDP files and also does the cleanup at the
end of the run.
Input from tb@ and mestre@, OK tb@
|
|
|