Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | fetchallcerts.py: handle precerts | Magnus Ahltorp | 2015-02-20 | 3 | -37/+249 |
| | | | | | | | submitcert.py: handle .zip files fetchallcerts.py: Always calculate full tree fetchallcerts.py: Cache level 16 hashes fetchallcerts.py: Save STH | ||||
* | fetchallcerts.py: Store certificates. | Magnus Ahltorp | 2015-02-20 | 1 | -25/+30 |
| | |||||
* | Wait after first submission. Continue on http error 400. Print submission rate and number of submissions every 1000 submissions. | Magnus Ahltorp | 2015-02-20 | 2 | -7/+36 |
| | |||||
* | merge.py: Only ask node that actually has the entry. | Magnus Ahltorp | 2015-02-20 | 1 | -21/+70 |
| | | | | | Fetch multiple entries from storage node. Chunk sendlog. | ||||
* | Log time spent serving a request | Magnus Ahltorp | 2015-02-20 | 1 | -0/+3 |
| | |||||
* | Make mochiweb pool size configurable | Magnus Ahltorp | 2015-02-20 | 1 | -0/+1 |
| | |||||
* | Added hackney application | Magnus Ahltorp | 2015-02-20 | 2 | -1/+3 |
| | |||||
* | Move hardcoded merge parameters to command line | Magnus Ahltorp | 2015-02-20 | 3 | -33/+49 |
| | |||||
* | merge.py: add call to storage/getentry since fetchnewentries no longer gives us the actual entry | Magnus Ahltorp | 2015-02-20 | 1 | -2/+18 |
| | |||||
* | Remove references to jiffy | Magnus Ahltorp | 2015-02-20 | 1 | -1/+0 |
| | |||||
* | Use log level 'warning' for tests. | Linus Nordberg | 2015-02-20 | 1 | -1/+1 |
| | | | | Debug is so messy. | ||||
* | Stop validating that cert.issuer matches issuer.subject. | Linus Nordberg | 2015-02-20 | 1 | -46/+27 |
| | | | | | | | | | | Even canonicalized versions of this data mismatch in otherwise proper chains. Since we're not here to validate chains for any other reasons than attribution and spam control, let's stop validating cert.issuer==candidate.subject. We still verify the cryptographic chain with signatures of tbsCertificates of course. Resolves CATLFISH-19. | ||||
* | Make unit tests work again. | Linus Nordberg | 2015-02-19 | 8 | -29/+52 |
| | | | | Makefile target 'check' runs them. | ||||
* | Have README reflect the current state of logging a bit better. | Linus Nordberg | 2014-11-21 | 1 | -7/+5 |
| | |||||
* | We don't use jiffy any more. | Linus Nordberg | 2014-11-20 | 1 | -2/+1 |
| | |||||
* | Catch ctrl-c more correctly. Catch SystemExit from add_chain and exit in main process instead | Magnus Ahltorp | 2014-11-18 | 1 | -8/+22 |
| | |||||
* | Verify certificates by decoding them as 'plain' certs rather than 'otp'. | Linus Nordberg | 2014-11-18 | 2 | -67/+201 |
| | | | | | | | OTP cert validation is too strict. Let's see if this is forgiving enough for our needs. Also, move all cert reading from disk to x509.erl. | ||||
* | Entry hash runs over leaf plus chain. | Linus Nordberg | 2014-11-18 | 1 | -2/+2 |
| | | | | Closes CATLFISH-5. | ||||
* | Log some info about certs that don't parse and why. | Linus Nordberg | 2014-11-05 | 2 | -11/+27 |
| | | | | Also move x509 specific code to the x509 module. | ||||
* | Make 'release' depend on 'all'. | Linus Nordberg | 2014-11-03 | 1 | -1/+1 |
| | |||||
* | Protect rel/db when making 'release'. | Linus Nordberg | 2014-11-03 | 1 | -0/+3 |
| | |||||
* | Merge remote-tracking branch 'refs/remotes/map/external-merge3' into merging-external-merge | Linus Nordberg | 2014-10-29 | 22 | -201/+688 |
|\ | | | | Conflicts: src/v1.erl tools/merge.py tools/testcase1.py | ||||
| * | httpd.conf removed, reflect this in Makefile. Touch test db files. (external-merge3) | Magnus Ahltorp | 2014-10-28 | 1 | -2/+2 |
| | | |||||
| * | Check return value from merge.py | Magnus Ahltorp | 2014-10-28 | 1 | -6/+15 |
| | | |||||
| * | certtools.py: fix bug in build_merkle_tree | Magnus Ahltorp | 2014-10-28 | 1 | -0/+3 |
| | | |||||
| * | merge.py: send whole sth in sendsth call | Magnus Ahltorp | 2014-10-27 | 2 | -1/+46 |
| | | |||||
| * | fetchallcerts.py: calculate root hash | Magnus Ahltorp | 2014-10-27 | 2 | -15/+61 |
| | | |||||
| * | Added fetchallcerts.py | Magnus Ahltorp | 2014-10-27 | 2 | -0/+61 |
| | | |||||
| * | submitcert.py: submit multiple cert chains | Magnus Ahltorp | 2014-10-27 | 2 | -40/+78 |
| | | |||||
| * | Handle missing entries in merge | Magnus Ahltorp | 2014-10-27 | 1 | -2/+26 |
| | | |||||
| * | Rewrite root certificate cache handling | Magnus Ahltorp | 2014-10-26 | 3 | -18/+30 |
| | | |||||
| * | Stop using jiffy | Magnus Ahltorp | 2014-10-25 | 3 | -122/+108 |
| | | |||||
| * | Move internal HTTP APIs to mochiweb. | Magnus Ahltorp | 2014-10-25 | 7 | -58/+19 |
| | | |||||
| * | System tests for external merge | Magnus Ahltorp | 2014-10-24 | 9 | -1/+202 |
| | | |||||
| * | Repair tests to work with x509 validation code. Add intermediate certificates to test chains. | Magnus Ahltorp | 2014-10-24 | 4 | -1/+102 |
| | | |||||
| * | Added external merging support | Magnus Ahltorp | 2014-10-24 | 7 | -2/+196 |
| | | |||||
* | | Copyright NORDUnet. | Linus Nordberg | 2014-10-29 | 1 | -2/+2 |
| | | |||||
* | | Added external merging support | Magnus Ahltorp | 2014-10-29 | 7 | -2/+196 |
| | | |||||
* | | Don't use update_known_roots/0 in get-roots. | Linus Nordberg | 2014-10-24 | 1 | -1/+1 |
|/ | | | | It's crashing and needs to be rewritten. | ||||
* | Whitespace. | Linus Nordberg | 2014-10-24 | 1 | -16/+19 |
| | | | | No long lines. | ||||
* | Use 'cacertfile' configuration. | Linus Nordberg | 2014-10-24 | 1 | -1/+2 |
| | |||||
* | Catch badly ASN.1-encoded certificates. | Linus Nordberg | 2014-10-24 | 2 | -18/+31 |
| | | | | | | Now not crashing badly encoded certs in the list of known roots, which is good. They're simply ignored. Next step is to figure out if we should accept some anomalies, due to reality. | ||||
* | Use mochiweb for v1 API | Magnus Ahltorp | 2014-10-24 | 8 | -61/+134 |
| | | | | | | Conflicts: catlfish.config src/v1.erl | ||||
* | Merge branch 'disable-sslv3' into staging1 | Linus Nordberg | 2014-10-24 | 1 | -1/+2 |
|\ | |||||
| * | Disable SSLv3. | Linus Nordberg | 2014-10-20 | 1 | -1/+2 |
| | | |||||
* | | Merge branch 'validate-certchain' into staging1 | Linus Nordberg | 2014-10-24 | 13 | -2/+593 |
|\ \ | | | | | | | | | | | | | Conflicts: src/catlfish.erl | ||||
| * | | Log (info) when adding and rejecting a certificate chain. | Linus Nordberg | 2014-10-23 | 2 | -1/+9 |
| | | | | | | | | | | | | Writing to stdout for now, until we've decided on logging framework. | ||||
| * | | Split CertChain properly. | Linus Nordberg | 2014-10-23 | 1 | -1/+1 |
| | | | | | | | | | | | | This way, Chain is always a list. | ||||
| * | | Don't use der_encoded(). | Linus Nordberg | 2014-10-23 | 1 | -6/+5 |
| | | | | | | | | | | | | | | | The type definition seems to have disappeared from public_key.hrl in R17 and I don't know how to conditionally define a type. | ||||
| * | | Implement cert chain validation. | Linus Nordberg | 2014-10-22 | 13 | -2/+586 |
| | | | | | | | | | | | | NOTE: Presence of and constraints on names are not being validated. |