path: root/src/v1.erl
Commit message [Author, Age, Files, Lines]
* WIP [Linus Nordberg, 2016-07-16, 1, -3/+14]
| NOTE: tests don't work -- SCT's don't validate
* DNSSEC validation improvements. [Linus Nordberg, 2016-04-13, 1, -10/+16]
| Use DS signature inception time as the DNSSEC validation time. Validate input data a bit more. Set TTL in DS to "Original TTL" of RRSIG (this time for real).
* Get submitting and storing working. [Linus Nordberg, 2016-04-08, 1, -31/+21]
| Add README.dnssec. Do start the dnssecport server. Add config option 'trust_anchors_file'. Pass correct data to validation server. Change URL for submitting to match draft (add-rr-chain). Make add-rr-chain take a base64-encoded string of RR's instead of JSON list with one RR per entry. TODO: Make the python tools know enough DNS to be able to verify SCT's and such (i.e. 'make tests').
* Canonicalise DS RR and refactor dns a bit. [Linus Nordberg, 2016-04-07, 1, -1/+1]
| Rename split_rrset/1 -> decode_rrset/1. Add type rr() and use it. Canonicalise DS RR.
* Add unit test for validation, from dnssecport:handle_call(). [Linus Nordberg, 2016-04-07, 1, -8/+9]
| - The port now returns the RRset (DS, chain, trust root and all RRSIG's). This in preparation for when this data will be normalised.
| - dnssecport decodes and encodes DNS data.
| - v1 stores the DS RR in the leaf and the rest, including the DS RRSIG, in the chain.
* WIP [Linus Nordberg, 2016-04-07, 1, -24/+31]
|
* Add config knob max_submit_size. [Linus Nordberg, 2016-02-01, 1, -1/+12]
| If a blob is larger than this, in octets, after Base64 decoding, the submission is rejected with 400.
* Change application URL to open/gaol/v1. [Linus Nordberg, 2016-02-01, 1, -1/+1]
|
* Base64-decode submitted blobs and treat them as leaf certs. [Linus Nordberg, 2016-02-01, 1, -2/+8]
|
* Accept any kind of submitted data, not only X.509 certificate chains. [Linus Nordberg, 2016-02-01, 1, -34/+8]
| Have add_chain() take a blob instead of a cert leaf and a chain. Rename ct/v1/add-chain -> add-blob. Remove ct/v1/add-pre-chain. Remove chain checking code. Generate allowed_client config matching new HTTP API.
* Parametrise "application part" of URL. [Linus Nordberg, 2015-11-13, 1, -10/+12]
| Breaking out "ct/v1" to a separate argument to request(). Good for other applications.
* Don't answer public requests if STH is too old or nonexistent [Magnus Ahltorp, 2015-06-12, 1, -0/+28]
|
* Rename html/2 to err400/2. [Linus Nordberg, 2015-05-06, 1, -17/+17]
|
* Dialyzer clean. [Linus Nordberg, 2015-05-06, 1, -7/+11]
|
* Fix copyright strings. [Linus Nordberg, 2015-04-09, 1, -1/+1]
|
* Cleanup tests and use urllib2.build_opener [Magnus Ahltorp, 2015-03-31, 1, -2/+14]
| Remove unused files
| Generate test config files directly in release directory
| Move test database files to "tests" directory
| Generate log key when preparing tests
| Report error when STH not found in v1.erl
| Make merge, fetchallcerts, submitcert, verifysct, and testcase1 take log key as argument
* Add precert handling. [Linus Nordberg, 2015-03-23, 1, -30/+31]
|
* Save STH instead of calculating a new one each time. [Magnus Ahltorp, 2015-03-04, 1, -10/+2]
|
* Stop using jiffy [Magnus Ahltorp, 2014-10-25, 1, -99/+90]
|
* Catch badly ASN.1-encoded certificates. [Linus Nordberg, 2014-10-24, 1, -5/+5]
| Now not crashing badly encoded certs in the list of known roots, which is good. They're simply ignored. Next step is to figure out if we should accept some anomalies, due to reality.
* Use mochiweb for v1 API [Magnus Ahltorp, 2014-10-24, 1, -43/+43]
| Conflicts: catlfish.config src/v1.erl
* Merge branch 'validate-certchain' into staging1 [Linus Nordberg, 2014-10-24, 1, -2/+14]
|\
| | Conflicts: src/catlfish.erl
| * Log (info) when adding and rejecting a certificate chain. (branch validate-certchain) [Linus Nordberg, 2014-10-23, 1, -0/+4]
| | Writing to stdout for now, until we've decided on logging framework.
| * Implement cert chain validation. [Linus Nordberg, 2014-10-22, 1, -2/+10]
| | NOTE: Presence of and constraints on names are not being validated.
* | Break include dependency on plop.hrl [Magnus Ahltorp, 2014-10-24, 1, -7/+4]
|/
* Fix bug in get-entries limitation of entries. [Linus Nordberg, 2014-10-10, 1, -2/+1]
|
* Limit get-entries to 1000 entries at a time. [Linus Nordberg, 2014-10-09, 1, -3/+2]
|
* Make cert chains and CtExtensions variable length (TLS) vectors. [Linus Nordberg, 2014-09-25, 1, -56/+5]
| Also move some CT-specific code to new file catlfish.erl.
* Decode chain in 'add-chain' properly. [Linus Nordberg, 2014-09-20, 1, -28/+43]
| Also, present extra_data in response from get-entries and get-entry-and-proof.
* Add get-entry-and-proof and adapt to new plop:inclusion/2 signature. [Linus Nordberg, 2014-09-19, 1, -6/+38]
|
* Encode get-sth-consistency and get-proof-by-hash properly. [Linus Nordberg, 2014-09-15, 1, -4/+6]
|
* Implement get-proof-by-hash. [Linus Nordberg, 2014-09-15, 1, -7/+28]
|
* Remove spurious parentheses. [Linus Nordberg, 2014-09-15, 1, -1/+1]
|
* Don't try to JSON-encode error messages. [Linus Nordberg, 2014-09-15, 1, -5/+8]
|
* It's plop:consistency/2. [Linus Nordberg, 2014-09-15, 1, -1/+1]
|
* Implement get-sth-consistency. [Linus Nordberg, 2014-09-14, 1, -2/+16]
|
* Add licensing information. [Linus Nordberg, 2014-06-10, 1, -0/+3]
|
* Base64-encode that empty string in extra_data. [Linus Nordberg, 2014-06-04, 1, -1/+1]
|
* Add get-entries and s/_/-/g in function names. [Linus Nordberg, 2014-06-04, 1, -20/+44]
| URL's now have hyphens rather than underscores. Rewriting URL's is no longer necessary.
* Don't crash when reporting bad input to add-chain. [Linus Nordberg, 2014-05-20, 1, -4/+5]
|
* Set protocol version to 0, i.e. v1. [Linus Nordberg, 2014-05-20, 1, -1/+1]
|
* Make 'extensions' field the empty string. [Linus Nordberg, 2014-05-20, 1, -1/+1]
| Not the empty list.
* Merge branch 'master' of /home/linus/repo/ctls [Linus Nordberg, 2014-05-12, 1, -2/+5]
|\
| | Conflicts: src/v1.erl
| * Signatures must now be serialised and base64 encoded. [Linus Nordberg, 2014-05-12, 1, -2/+5]
| |
* | Merge branch 'master' of /home/linus/repo/ctls [Linus Nordberg, 2014-05-10, 1, -2/+2]
|\ \
| |/
| | Conflicts: src/v1.erl
| * The tree head signature from get-sth is not base64 encoded. [Linus Nordberg, 2014-05-10, 1, -2/+2]
| |
| * It's `tree_size'. [Linus Nordberg, 2014-05-07, 1, -1/+1]
| | Not `treesize'.
* | Correct treesize -> tree_size in get-sth response. [Linus Nordberg, 2014-05-10, 1, -5/+8]
|/
| Move call to mod_esi:deliver into own function, for easier changing of HTTP headers and such.
* Add (empty) get-roots. [Linus Nordberg, 2014-05-05, 1, -2/+4]
|
* Add support for get-sth. [Linus Nordberg, 2014-05-05, 1, -1/+11]
|