Age | Commit message | Author |
|
The file still needs to match its hash to make the MFT valid but then
there will only be a warning printed. Parsing of other files from that
MFT is not influenced.
OK tb@
|
|
The error should be more helpful this way.
OK tb@
|
|
tweak/ok claudio
|
|
discussed with and ok claudio
|
|
poll loop. In the main process move the timeout handling for repositories
into a single function that does the timeouts and the calculation of the
timeout in one go.
OK tb@
|
|
delivery checks at the end still need to happen. So that on EINTR bgpd
processes reconfigure or mrt files ASAP.
Fix for mrt integration tests.
Reported by and ok anton@
|
|
Change -f to be a mode flag and pass one or multiple files as arguments
to rpki-client. Some extra checks need to be done to not load the same
certificate or CRL multiple times.
Input and OK tb@
|
|
of looking it up again. For this valid_roa() needs to be moved up in
proc_parser_roa() also move out the assignment of the TAL id. Not the
right thing to alter an object in a validation function.
OK tb@
|
|
rtype_from_mftfile(). Move both rtype_from functions to mft.c.
ok beck claudio
|
|
There are now four levels of verbosity:
0. Prints only the summary
1. Prints a line when installing/removing
2. Uses the ftp(1) progress bar
3. Provides more details for debugging
With some excellent ksh knowledge provided by kn@
|
|
rpki-client uses the same idiom to determine the file type in too many
places. Use one function that determines the appropriate RTYPE from the
file name. Add that type to struct mftfile and use this new member to
simplify queue_add_from_mft*().
input/ok claudio
|
|
so that it can be reused light-weight by portgen and the likes.
(the actual move will happen once the base sets all have the new files)
|
|
contain an extension of length four.
ok claudio
|
|
Also either fail hard or restart after other errors. In any case do not
look at pollfds after an error.
OK benno@
|
|
ok millert@ claudio@
|
|
to ta_parse(). This fits better there. Also drop extracting and
printing the x509 subject of the TAs. The subject is more or less
the filename anyway which is already printed.
OK tb@
|
|
... including those inlined into print_dname(). This also fixes
-Wunused-but-set-variable warnings in smtpd and smtpctl.
The code was imported with asr and then copied around.
ok deraadt@ guenther@
|
|
ok guenther@
|
|
ok guenther@
|
|
ok guenther@
|
|
ospf6d.c: sync a missing bit of (disabled) code with ospfd
rde.c: ifdef out some more incomplete code
ok denis@ claudio@
|
|
OK tb@
|
|
printed in human readable form and is also verified against the valid
cache of rpki-client.
To validate the file the chain is explored backwards by looking at the
Authority Information Access URI and X509v3 CRL Distribution Point of
the cert. Once the trust anchor is found this chain can be verified.
Feedback and OK job@ tb@
|
|
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
- Asynchronous design, which should allow us to cleanly implement agentx
support.
- Cluster requests when sending them to backends
- Return a better error code in a lot of cases.
- Allow bulkget to return row by row instead of column by column (as per
RFC3416)
- Better SNMPv1 mapping as per RFC3584
- Allow registration of overlapping regions.
- Stricter OID comparison.
- We lose write support. Previous write support didn't guarantee
atomicity, wasn't persistent across restarts and didn't implement
anything useful. This can be added later if it's missed.
- This is quite a bit slower, but this should clear up once the current
mps.c and mib.c code gets pushed out. Other tricks could help speed
things up, but I don't want to resort to extra tricks if it's not needed.
- More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@
minor issues pointed out by and OK jmatthew@
Performance loss acceptable to sthen@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
messages through the current transport mapping code.
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
application layer.
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
These are needed for a new application layer, where a lot of the snmpd.h
stuff just clutter.
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
These functions are needed from the new application layer and don't
really belong in snmpd.h.
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
This is needed for a new application layer, where a lot of the
snmpd.h stuff just clutter.
Requested by benno@
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
ok claudio
|
|
For mfts this flag is cleared since the CRL is referenced by the MFT itself.
Also remove some if (crl != NULL) checks since they are not needed.
The functions protected by it are all handling NULL as an input.
OK job@ tb@
|
|
Suggested by and OK tb@
|
|
argument. The x509 cert is also inside struct cert and easy to access.
Also switch auth_insert() to a void function since it can't fail.
OK tb@
|
|
it into its own function valid_x509(). Simplifies the code substantially.
This may report a few more errors for .roa and .gbr files but IMO that
special case was a left-over from long time ago.
OK tb@
|
|
x509_init_oid() to initialize all necessary OID objects at start.
OK tb@
|
|
ok florian@
|
|
ok krw@
|
|
Remove a warning that has outlived its usefulness.
From Brian Conway, thanks.
|