summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Verify that known roots are indeed signing themselves.Linus Nordberg2015-02-272-22/+52
| | | | | | | This filters out certificates with signing algorithms that we can't handle. Also, make unit tests better.
* Even more debug logging.Linus Nordberg2015-02-251-0/+3
|
* Add debug logging.Linus Nordberg2015-02-251-0/+5
| | | | Trying to figure out why public_key:verify isn't found in docker images.
* Log time spent serving a requestMagnus Ahltorp2015-02-201-0/+3
|
* Make mochiweb pool size configurableMagnus Ahltorp2015-02-201-0/+1
|
* Stop validating that cert.issuer matches issuer.subject.Linus Nordberg2015-02-201-46/+27
| | | | | | | | | | Even canoncalized versions of this data mismatch in otherwise proper chains. Since we're not here to validate chains for any other reasons than attribution and spam control, let's stop validate cert.issuer==candidate.subject. We still verify the cryptographic chain with signatures of tbsCertificates of course. Resolves CATLFISH-19.
* Make unit tests work again.Linus Nordberg2015-02-194-28/+32
| | | | Makefile target 'check' runs them.
* Verify certificates by decoding them as 'plain' certs rather than 'otp.Linus Nordberg2014-11-182-67/+201
| | | | | | | OTP cert validation is too strict. Let's see if this is forgiving enough for our needs. Also, move all cert reading from disk to x509.erl.
* Entry hash runs over leaf plus chain.Linus Nordberg2014-11-181-2/+2
| | | | Closes CATLFISH-5.
* Log some info about certs that don't parse and why.Linus Nordberg2014-11-052-11/+27
| | | | Also move x509 specific code to the x509 module.
* Rewrite root certificate cache handlingMagnus Ahltorp2014-10-263-18/+30
|
* Stop using jiffyMagnus Ahltorp2014-10-252-121/+107
|
* Move internal HTTP APIs to mochiweb.Magnus Ahltorp2014-10-252-8/+8
|
* Whitespace.Linus Nordberg2014-10-241-16/+19
| | | | No long lines.
* Use 'cacertfile' configuration.Linus Nordberg2014-10-241-1/+2
|
* Catch badly ASN.1-encoded certificates.Linus Nordberg2014-10-242-18/+31
| | | | | | Now not crashing badly encoded certs in the list of known roots, which is good. They're simply ignored. Next step is to figure out if we should accept some anomalies, due to reality.
* Use mochiweb for v1 APIMagnus Ahltorp2014-10-244-56/+123
| | | | | | Conflicts: catlfish.config src/v1.erl
* Merge branch 'validate-certchain' into staging1Linus Nordberg2014-10-244-2/+371
|\ | | | | | | | | Conflicts: src/catlfish.erl
| * Log (info) when adding and rejecting a certificate chain.Linus Nordberg2014-10-232-1/+9
| | | | | | | | Writing to stdout for now, until we've decided on logging framework.
| * Split CertChain properly.Linus Nordberg2014-10-231-1/+1
| | | | | | | | This way, Chain is always a list.
| * Don't use der_encoded().Linus Nordberg2014-10-231-6/+5
| | | | | | | | | | The type definition seem to have disappeared from public_key.hrl in R17 and I don't know how to conditionally define a type.
| * Implement cert chain validation.Linus Nordberg2014-10-224-2/+364
| | | | | | | | NOTE: Presence of and constraints on names are not being validated.
* | Break include dependency on plop.hrlMagnus Ahltorp2014-10-242-8/+4
| |
* | Add copyright and licensing information.Linus Nordberg2014-10-151-0/+3
|/ | | | After offline discussions with Magnus Ahltorp.
* Fix bug in get-entries limitation of entries.Linus Nordberg2014-10-101-2/+1
|
* Use proper return value format for plop:inclusion_and_entry().Linus Nordberg2014-10-101-1/+1
|
* Limit get-entries to 1000 entries at the time.Linus Nordberg2014-10-091-3/+2
|
* Use raw file storageMagnus Ahltorp2014-09-281-1/+1
|
* Fix api problemsplop-if-cleanupMagnus Ahltorp2014-09-272-14/+26
|
* Fix api problemsMagnus Ahltorp2014-09-271-3/+3
|
* wipLinus Nordberg2014-09-272-30/+123
|
* Make cert chains and CtExtensions variable length (TLS) vectors.Linus Nordberg2014-09-252-56/+64
| | | | Also move some CT-specific code to new file catlfish.erl.
* Start inets service automatically and update README.md with new build ↵releasemanagement3Magnus Ahltorp2014-09-241-2/+0
| | | | instructions
* Merge branch 'map/releasemanagement' into master-originLinus Nordberg2014-09-221-0/+29
|\ | | | | | | | | Conflicts: ebin/catlfish.app
| * Release managementMagnus Ahltorp2014-09-191-0/+29
| |
* | Decode chain in 'add-chain' properly.Linus Nordberg2014-09-201-28/+43
| | | | | | | | | | Also, present extra_data in response from get-entries and get-entry-and-proof.
* | Add get-entry-and-proof and adopt to new plop:inclusion/2 signature.Linus Nordberg2014-09-191-6/+38
|/
* Encode get-sth-consistency and get-proof-by-hash properly.Linus Nordberg2014-09-151-4/+6
|
* Implement get-proof-by-hash.Linus Nordberg2014-09-151-7/+28
|
* Remove spurious parentheses.Linus Nordberg2014-09-151-1/+1
|
* Don't try to JSON-encode error messages.Linus Nordberg2014-09-151-5/+8
|
* It's plop:consistency/2.Linus Nordberg2014-09-151-1/+1
|
* Implement get-sth-consistency.Linus Nordberg2014-09-141-2/+16
|
* Remove unused stuff.Linus Nordberg2014-06-117-217/+0
|
* Add licensing information.Linus Nordberg2014-06-103-0/+9
|
* Change ctls -> catlfish.Linus Nordberg2014-06-102-3/+3
|
* Base64-encode that empty string in extra_data.Linus Nordberg2014-06-041-1/+1
|
* Add get-entries and s/_/-/g in function names.Linus Nordberg2014-06-041-20/+44
| | | | | URL's now has hyphens rather than underscores. Rewriting URL's is no longer necessary.
* Don't crash when reporting bad input to add-chain.Linus Nordberg2014-05-201-4/+5
|
* Set protocol version to 0, i.e. v1.Linus Nordberg2014-05-201-1/+1
|