summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* DNSSEC validation improvements.Linus Nordberg2016-04-134-78/+174
| | | | | | Use DS signature inception time as the DNSSEC validation time. Validate input data a bit more. Set TTL in DS to "Original TTL" of RRSIG (this time for real).
* Move testdata files to its own directory.Linus Nordberg2016-04-122-0/+0
|
* Make unit tests work again and move rrset files.Linus Nordberg2016-04-111-4/+4
|
* Get submitting and storing working.Linus Nordberg2016-04-088-42/+83
| | | | | | | | | | | | | Add README.dnssec. Do start the dnssecport server. Add config option 'trust_anchors_file'. Pass correct data to validation server. Change URL for submitting to match draft (add-rr-chain). Make add-rr-chain take a base64-encoded string of RR's instead of JSON list with one RR per entry. TODO: Make the python tools know enough DNS to be able to verify SCT's and such (i.e. 'make tests').
* Add knot config dir for local root, for testing.Linus Nordberg2016-04-0722-1/+397
|
* Canonicalise DS RR and refactor dns a bit.Linus Nordberg2016-04-073-33/+70
| | | | | | Rename split_rrset/1 -> decode_rrset/1. Add type rr() and use it. Canonicalise DS RR.
* Add unit test for validation, from dnssecport:handle_call().Linus Nordberg2016-04-079-72/+249
| | | | | | | | - The port now returns the RRset (DS, chain, trust root and all RRSIG's). This in preparatino for when this data will be normalised. - dnssecport decodes and encodes DNS data. - v1 stores the DS RR in the leaf and the rest, including the DS RRSIG, in the chain.
* Implement DNSSEC validation.Linus Nordberg2016-04-071-43/+215
| | | | NOTE: Doesn't return canonicalised RR's, only the getdns return value.
* Don't build test version.Linus Nordberg2016-04-071-2/+2
|
* Add some debugging output to validatechain.Linus Nordberg2016-04-071-1/+20
|
* Add dns-text2wire.Linus Nordberg2016-04-072-1/+47
|
* Update README.Linus Nordberg2016-04-071-0/+10
|
* Add validatechain.c and move some code to common.c.Linus Nordberg2016-04-077-178/+401
| | | | | | | | | dns-net2wire.c is nothing but an ugly hack on top of getdns_query.c making it save answer, validation_chain and trust anchors to three separate files. Used for testing purposes. validatechain takes the above mentioned three files as input and performs DNSSEC validation.
* Read root hints from file "root.txt".Linus Nordberg2016-04-071-1/+26
| | | | Facilitating querying a local nameserver.
* Use a list of dicts; return errcode, not -errcode.Linus Nordberg2016-04-071-58/+79
|
* WIPLinus Nordberg2016-04-0718-38/+2902
|
* Allow larger HTTP requests.gaol6Linus Nordberg2016-02-211-1/+1
| | | | 1MB -> 4MB.
* Don't require config if not needed.Linus Nordberg2016-02-161-7/+13
| | | | | Local configuration is only used for finding CA cert. Not needed for http://. Global configuration isn't used at all.
* Add fetchallblobs.py.Linus Nordberg2016-02-161-0/+177
| | | | Very minor changes to fetchallcerts.py.
* Add support for option 'max_submit_size' to compileconfig.py.Linus Nordberg2016-02-012-0/+5
|
* Add config knob max_submit_size.Linus Nordberg2016-02-011-1/+12
| | | | | If a blob is larger than this, in octets, after Base64 decoding, the submission is rejected with 400.
* Change application URL to open/gaol/v1.Linus Nordberg2016-02-013-14/+14
|
* make tests work(s)Linus Nordberg2016-02-015-92/+41
|
* Base64-decode submitted blobs and treat them as leaf certs.Linus Nordberg2016-02-012-19/+20
|
* Accept any kind of submitted data, not only X.509 certificate chains.Linus Nordberg2016-02-013-41/+14
| | | | | | | | Have add_chain() take a blob instead of a cert leaf and a chain. Rename ct/v1/add-chain -> add-blob. Remove ct/v1/add-pre-chain. Remove chain checking code. Generate allowed_client config matching new HTTP API.
* Make merge_sth work again after last commit.Linus Nordberg2015-11-201-2/+1
|
* Remove debug printouts from merge programs.Linus Nordberg2015-11-203-4/+4
|
* No need to strip "/" from path really.parametrise_urlLinus Nordberg2015-11-131-5/+5
|
* Parametrise "application part" of URL.Linus Nordberg2015-11-132-15/+28
| | | | | Breaking out "ct/v1" to a separate argument to request(). Good for other applications.
* Whitespace.Linus Nordberg2015-11-132-16/+26
|
* Update NEWS some more.Linus Nordberg2015-11-121-0/+1
|
* Update NEWS.Linus Nordberg2015-11-121-0/+4
|
* Copyright year.Linus Nordberg2015-11-121-1/+1
|
* Spurious whitespace.Linus Nordberg2015-11-121-1/+1
|
* Handle multiple files in parsebenchMagnus Ahltorp2015-11-121-6/+11
|
* Parse benchmark outputMagnus Ahltorp2015-11-121-0/+59
|
* Handle multiple node types for a nodeMagnus Ahltorp2015-11-121-56/+63
|
* Send many entries at a time in merge_backupMagnus Ahltorp2015-11-122-9/+12
|
* Update NEWS.Linus Nordberg2015-11-111-0/+1
|
* Selectable db backend only available for merge nodes for nowMagnus Ahltorp2015-11-111-0/+1
|
* Make it possible to select backend perm storageMagnus Ahltorp2015-11-111-4/+9
|
* Use plop-0.9.0-dev.Linus Nordberg2015-11-112-1/+6
|
* Fix _args -> args since we now use it.Linus Nordberg2015-11-101-1/+1
|
* Print the string "timing" and the name of the program in merge timing info.Linus Nordberg2015-11-104-4/+4
|
* Print timing information in merge_fetch too.Linus Nordberg2015-11-101-0/+4
|
* Fix harmless cut'n'paste bugs in merge.Linus Nordberg2015-11-101-5/+5
|
* Add documentation.pmerge-rebasedLinus Nordberg2015-11-101-0/+31
|
* Quote '$@' in shell script.Linus Nordberg2015-11-101-4/+4
|
* Add missing testcert and root.Linus Nordberg2015-11-102-0/+104
|
* Add a test for when merge backup fails.Linus Nordberg2015-11-104-4/+106
| | | | Also, avoid tracebacks on ECONNREFUSED by catching urrllib2.URLError.