| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Add unit test for validation, from dnssecport:handle_call(). | Linus Nordberg | 2016-04-07 | 3 | -46/+153 |
| | | | | | | | | - The port now returns the RRset (DS, chain, trust root and all RRSIG's). This is in preparation for when this data will be normalised. - dnssecport decodes and encodes DNS data. - v1 stores the DS RR in the leaf and the rest, including the DS RRSIG, in the chain. | ||||
* | WIP | Linus Nordberg | 2016-04-07 | 3 | -26/+163 |
| | |||||
* | Allow larger HTTP requests. [gaol6] | Linus Nordberg | 2016-02-21 | 1 | -1/+1 |
| | | | | 1MB -> 4MB. | ||||
* | Add config knob max_submit_size. | Linus Nordberg | 2016-02-01 | 1 | -1/+12 |
| | | | | | If a blob is larger than this, in octets, after Base64 decoding, the submission is rejected with 400. | ||||
* | Change application URL to open/gaol/v1. | Linus Nordberg | 2016-02-01 | 1 | -1/+1 |
| | |||||
* | Base64-decode submitted blobs and treat them as leaf certs. | Linus Nordberg | 2016-02-01 | 2 | -19/+20 |
| | |||||
* | Accept any kind of submitted data, not only X.509 certificate chains. | Linus Nordberg | 2016-02-01 | 2 | -39/+13 |
| | | | | | | | | Have add_chain() take a blob instead of a cert leaf and a chain. Rename ct/v1/add-chain -> add-blob. Remove ct/v1/add-pre-chain. Remove chain checking code. Generate allowed_client config matching new HTTP API. | ||||
* | No need to strip "/" from path really. [parametrise_url] | Linus Nordberg | 2015-11-13 | 1 | -5/+5 |
| | |||||
* | Parametrise "application part" of URL. | Linus Nordberg | 2015-11-13 | 2 | -15/+28 |
| | | | | | Breaking out "ct/v1" to a separate argument to request(). Good for other applications. | ||||
* | Whitespace. | Linus Nordberg | 2015-11-13 | 2 | -16/+26 |
| | |||||
* | Verify MTL against leaf hash before returning get-entries. | Linus Nordberg | 2015-09-15 | 1 | -3/+4 |
| | | | | Closes CATLFISH-50. | ||||
* | Wrap entries in plop wrapper | Magnus Ahltorp | 2015-08-19 | 1 | -12/+11 |
| | |||||
* | Don't cons an improper list when serialising extra data for a precert. | Linus Nordberg | 2015-08-19 | 1 | -1/+1 |
| | |||||
* | Rename extra_data/3 and move it some. | Linus Nordberg | 2015-08-07 | 1 | -14/+14 |
| | |||||
* | Return correct extra-data for precerts too (closes CATLFISH-56). | Linus Nordberg | 2015-08-06 | 1 | -57/+60 |
| | | | | Verify precerts in make tests too. | ||||
* | Always store and return root certificate (closes CATLFISH-55). | Linus Nordberg | 2015-08-03 | 1 | -8/+7 |
| | |||||
* | Implement rate limiting of add_chain | Magnus Ahltorp | 2015-06-12 | 3 | -27/+135 |
| | |||||
* | Don't answer public requests if STH is too old or nonexistent | Magnus Ahltorp | 2015-06-12 | 1 | -0/+28 |
| | |||||
* | Remove unused temporary variable. | Linus Nordberg | 2015-06-10 | 1 | -9/+7 |
| | |||||
* | Add verification of whole entry. Implement library call for plop verification. | Magnus Ahltorp | 2015-06-10 | 1 | -6/+44 |
| | |||||
* | Fix CATLFISH-45. | Linus Nordberg | 2015-05-11 | 1 | -6/+4 |
| | | | | https://project.nordu.net/browse/CATLFISH-45 | ||||
* | Rename html/2 to err400/2. | Linus Nordberg | 2015-05-06 | 1 | -17/+17 |
| | |||||
* | Dialyzer clean. | Linus Nordberg | 2015-05-06 | 3 | -20/+23 |
| | |||||
* | Remove an extra annoying debug log printout. | Linus Nordberg | 2015-04-10 | 1 | -3/+0 |
| | |||||
* | Fix copyright strings. | Linus Nordberg | 2015-04-09 | 6 | -6/+6 |
| | |||||
* | Verify that database entry actually contains the certificate | Magnus Ahltorp | 2015-04-07 | 1 | -3/+6 |
| | |||||
* | Cleanup tests and use urllib2.build_opener | Magnus Ahltorp | 2015-03-31 | 1 | -2/+14 |
| | | | | | | | | | Remove unused files; Generate test config files directly in release directory; Move test database files to "tests" directory; Generate log key when preparing tests; Report error when STH not found in v1.erl; Make merge, fetchallcerts, submitcert, verifysct, and testcase1 take log key as argument | ||||
* | Allow non-TLS http | Magnus Ahltorp | 2015-03-31 | 2 | -17/+23 |
| | | | | Closes CATLFISH-31 | ||||
* | Provide function for calculating entryhash from entry | Magnus Ahltorp | 2015-03-27 | 1 | -0/+25 |
| | |||||
* | Store rejected certificates. | Linus Nordberg | 2015-03-25 | 1 | -52/+94 |
| | | | | | | | Not storing the full chain, which would be even more useful. No rate limiting, which would be good. Also, reorganise some in x509.erl and add tests. | ||||
* | Clarify that 0.test.pem is not a valid #'OTPCertificate'{}. | Linus Nordberg | 2015-03-24 | 1 | -14/+14 |
| | | | | Also some cosmetic changes. | ||||
* | Add spec's for most functions. | Linus Nordberg | 2015-03-23 | 2 | -11/+9 |
| | | | | NOTE: We're not dialyzer clean yet. | ||||
* | Formatting; remove debug printouts. | Linus Nordberg | 2015-03-23 | 2 | -49/+21 |
| | |||||
* | Add precert handling. | Linus Nordberg | 2015-03-23 | 3 | -160/+382 |
| | |||||
* | Cache SCT:s | Magnus Ahltorp | 2015-03-08 | 1 | -12/+31 |
| | |||||
* | Save STH instead of calculating a new one each time. | Magnus Ahltorp | 2015-03-04 | 1 | -10/+2 |
| | |||||
* | Added authentication between frontend and storage nodes | Magnus Ahltorp | 2015-02-27 | 1 | -4/+28 |
| | |||||
* | Fix a bug where verification of EC signatures made us crash. | Linus Nordberg | 2015-02-27 | 1 | -33/+40 |
| | | | | | Also, have valid_chain_p return boolean, add some debug logging and detect invalid signature types instead of crashing. | ||||
* | Verify that known roots are indeed signing themselves. | Linus Nordberg | 2015-02-27 | 2 | -22/+52 |
| | | | | | | | This filters out certificates with signing algorithms that we can't handle. Also, make unit tests better. | ||||
* | Even more debug logging. | Linus Nordberg | 2015-02-25 | 1 | -0/+3 |
| | |||||
* | Add debug logging. | Linus Nordberg | 2015-02-25 | 1 | -0/+5 |
| | | | | Trying to figure out why public_key:verify isn't found in docker images. | ||||
* | Log time spent serving a request | Magnus Ahltorp | 2015-02-20 | 1 | -0/+3 |
| | |||||
* | Make mochiweb pool size configurable | Magnus Ahltorp | 2015-02-20 | 1 | -0/+1 |
| | |||||
* | Stop validating that cert.issuer matches issuer.subject. | Linus Nordberg | 2015-02-20 | 1 | -46/+27 |
| | | | | | | | | | | Even canonicalized versions of this data mismatch in otherwise proper chains. Since we're not here to validate chains for any other reasons than attribution and spam control, let's stop validating cert.issuer==candidate.subject. We still verify the cryptographic chain with signatures of tbsCertificates of course. Resolves CATLFISH-19. | ||||
* | Make unit tests work again. | Linus Nordberg | 2015-02-19 | 4 | -28/+32 |
| | | | | Makefile target 'check' runs them. | ||||
* | Verify certificates by decoding them as 'plain' certs rather than 'otp'. | Linus Nordberg | 2014-11-18 | 2 | -67/+201 |
| | | | | | | | OTP cert validation is too strict. Let's see if this is forgiving enough for our needs. Also, move all cert reading from disk to x509.erl. | ||||
* | Entry hash runs over leaf plus chain. | Linus Nordberg | 2014-11-18 | 1 | -2/+2 |
| | | | | Closes CATLFISH-5. | ||||
* | Log some info about certs that don't parse and why. | Linus Nordberg | 2014-11-05 | 2 | -11/+27 |
| | | | | Also move x509 specific code to the x509 module. | ||||
* | Rewrite root certificate cache handling | Magnus Ahltorp | 2014-10-26 | 3 | -18/+30 |
| | |||||
* | Stop using jiffy | Magnus Ahltorp | 2014-10-25 | 2 | -121/+107 |
| |