summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* fetchallcerts.py: handle precertsMagnus Ahltorp2015-02-203-37/+249
| | | | | | | submitcert.py: handle .zip files fetchallcerts.py: Always calculate full tree fetchallcerts.py: Cache level 16 hashes fetchallcerts.py: Save STH
* fetchallcerts.py: Store certificates.Magnus Ahltorp2015-02-201-25/+30
|
* Wait after first submission. Continue on http error 400. Print submission ↵Magnus Ahltorp2015-02-202-7/+36
| | | | rate and number of submissions every 1000 submissions.
* merge.py: Only ask node that actually has the entry.Magnus Ahltorp2015-02-201-21/+70
| | | | | Fetch multiple entries from storage node. Chunk sendlog.
* Log time spent serving a requestMagnus Ahltorp2015-02-201-0/+3
|
* Make mochiweb pool size configurableMagnus Ahltorp2015-02-201-0/+1
|
* Added hackney applicationMagnus Ahltorp2015-02-202-1/+3
|
* Move hardcoded merge parameters to command lineMagnus Ahltorp2015-02-203-33/+49
|
* merge.py: add call to storage/getentry since fetchnewentries no longer gives ↵Magnus Ahltorp2015-02-201-2/+18
| | | | us the actual entry
* Remove references to jiffyMagnus Ahltorp2015-02-201-1/+0
|
* Use log level 'warning' for tests.Linus Nordberg2015-02-201-1/+1
| | | | Debug is so messy.
* Stop validating that cert.issuer matches issuer.subject.Linus Nordberg2015-02-201-46/+27
| | | | | | | | | | Even canoncalized versions of this data mismatch in otherwise proper chains. Since we're not here to validate chains for any other reasons than attribution and spam control, let's stop validate cert.issuer==candidate.subject. We still verify the cryptographic chain with signatures of tbsCertificates of course. Resolves CATLFISH-19.
* Make unit tests work again.Linus Nordberg2015-02-198-29/+52
| | | | Makefile target 'check' runs them.
* Have README reflect the current state of logging a bit better.Linus Nordberg2014-11-211-7/+5
|
* We don't use jiffy any more.Linus Nordberg2014-11-201-2/+1
|
* Catch ctrl-c more correctly. Catch SystemExit from add_chain and exit in ↵Magnus Ahltorp2014-11-181-8/+22
| | | | main process instead
* Verify certificates by decoding them as 'plain' certs rather than 'otp.Linus Nordberg2014-11-182-67/+201
| | | | | | | OTP cert validation is too strict. Let's see if this is forgiving enough for our needs. Also, move all cert reading from disk to x509.erl.
* Entry hash runs over leaf plus chain.Linus Nordberg2014-11-181-2/+2
| | | | Closes CATLFISH-5.
* Log some info about certs that don't parse and why.Linus Nordberg2014-11-052-11/+27
| | | | Also move x509 specific code to the x509 module.
* Make 'release' depend on 'all'.Linus Nordberg2014-11-031-1/+1
|
* Protect rel/db when making 'release'.Linus Nordberg2014-11-031-0/+3
|
* Merge remote-tracking branch 'refs/remotes/map/external-merge3' into ↵Linus Nordberg2014-10-2922-201/+688
|\ | | | | | | | | | | | | | | | | merging-external-merge Conflicts: src/v1.erl tools/merge.py tools/testcase1.py
| * httpd.conf removed, reflect this in Makefile. Touch test db files.Magnus Ahltorp2014-10-281-2/+2
| |
| * Check return value from merge.pyMagnus Ahltorp2014-10-281-6/+15
| |
| * certtools.py: fix bug in build_merkle_treeMagnus Ahltorp2014-10-281-0/+3
| |
| * merge.py: send whole sth in sendsth callMagnus Ahltorp2014-10-272-1/+46
| |
| * fetchallcerts.py: calculate root hashMagnus Ahltorp2014-10-272-15/+61
| |
| * Added fetchallcerts.pyMagnus Ahltorp2014-10-272-0/+61
| |
| * submitcert.py: submit multiple cert chainsMagnus Ahltorp2014-10-272-40/+78
| |
| * Handle missing entries in mergeMagnus Ahltorp2014-10-271-2/+26
| |
| * Rewrite root certificate cache handlingMagnus Ahltorp2014-10-263-18/+30
| |
| * Stop using jiffyMagnus Ahltorp2014-10-253-122/+108
| |
| * Move internal HTTP APIs to mochiweb.Magnus Ahltorp2014-10-257-58/+19
| |
| * System tests for external mergeMagnus Ahltorp2014-10-249-1/+202
| |
| * Repair tests to work with x509 validation code. Add intermediate ↵Magnus Ahltorp2014-10-244-1/+102
| | | | | | | | certificates to test chains.
| * Added external merging supportmap-external-merge2Magnus Ahltorp2014-10-247-2/+196
| |
* | Copyright NORDUnet.Linus Nordberg2014-10-291-2/+2
| |
* | Added external merging supportMagnus Ahltorp2014-10-297-2/+196
| |
* | Don't use update_known_roots/0 in get-roots.Linus Nordberg2014-10-241-1/+1
|/ | | | It's crashing and needs to be rewritten.
* Whitespace.Linus Nordberg2014-10-241-16/+19
| | | | No long lines.
* Use 'cacertfile' configuration.Linus Nordberg2014-10-241-1/+2
|
* Catch badly ASN.1-encoded certificates.Linus Nordberg2014-10-242-18/+31
| | | | | | Now not crashing badly encoded certs in the list of known roots, which is good. They're simply ignored. Next step is to figure out if we should accept some anomalies, due to reality.
* Use mochiweb for v1 APIMagnus Ahltorp2014-10-248-61/+134
| | | | | | Conflicts: catlfish.config src/v1.erl
* Merge branch 'disable-sslv3' into staging1Linus Nordberg2014-10-241-1/+2
|\
| * Disable SSLv3.Linus Nordberg2014-10-201-1/+2
| |
* | Merge branch 'validate-certchain' into staging1Linus Nordberg2014-10-2413-2/+593
|\ \ | | | | | | | | | | | | Conflicts: src/catlfish.erl
| * | Log (info) when adding and rejecting a certificate chain.validate-certchainLinus Nordberg2014-10-232-1/+9
| | | | | | | | | | | | Writing to stdout for now, until we've decided on logging framework.
| * | Split CertChain properly.Linus Nordberg2014-10-231-1/+1
| | | | | | | | | | | | This way, Chain is always a list.
| * | Don't use der_encoded().Linus Nordberg2014-10-231-6/+5
| | | | | | | | | | | | | | | The type definition seem to have disappeared from public_key.hrl in R17 and I don't know how to conditionally define a type.
| * | Implement cert chain validation.Linus Nordberg2014-10-2213-2/+586
| | | | | | | | | | | | NOTE: Presence of and constraints on names are not being validated.