Commit message [Author, Age, Files, Lines]
...
* Stop validating that cert.issuer matches issuer.subject. [Linus Nordberg, 2015-02-20, 1, -46/+27]
|     Even canonicalized versions of this data mismatch in otherwise proper chains. Since we're not here to validate chains for any other reasons than attribution and spam control, let's stop validating cert.issuer==candidate.subject. We still verify the cryptographic chain with signatures of tbsCertificates of course. Resolves CATLFISH-19.
* Make unit tests work again. [Linus Nordberg, 2015-02-19, 8, -29/+52]
|     Makefile target 'check' runs them.
* Have README reflect the current state of logging a bit better. [Linus Nordberg, 2014-11-21, 1, -7/+5]
|
* We don't use jiffy any more. [Linus Nordberg, 2014-11-20, 1, -2/+1]
|
* Catch ctrl-c more correctly. Catch SystemExit from add_chain and exit in main process instead [Magnus Ahltorp, 2014-11-18, 1, -8/+22]
|
* Verify certificates by decoding them as 'plain' certs rather than 'otp. [Linus Nordberg, 2014-11-18, 2, -67/+201]
|     OTP cert validation is too strict. Let's see if this is forgiving enough for our needs. Also, move all cert reading from disk to x509.erl.
* Entry hash runs over leaf plus chain. [Linus Nordberg, 2014-11-18, 1, -2/+2]
|     Closes CATLFISH-5.
* Log some info about certs that don't parse and why. [Linus Nordberg, 2014-11-05, 2, -11/+27]
|     Also move x509 specific code to the x509 module.
* Make 'release' depend on 'all'. [Linus Nordberg, 2014-11-03, 1, -1/+1]
|
* Protect rel/db when making 'release'. [Linus Nordberg, 2014-11-03, 1, -0/+3]
|
* Merge remote-tracking branch 'refs/remotes/map/external-merge3' into merging-external-merge [Linus Nordberg, 2014-10-29, 22, -201/+688]
|\
| |     Conflicts: src/v1.erl tools/merge.py tools/testcase1.py
| * httpd.conf removed, reflect this in Makefile. Touch test db files. [Magnus Ahltorp, 2014-10-28, 1, -2/+2]
| |
| * Check return value from merge.py [Magnus Ahltorp, 2014-10-28, 1, -6/+15]
| |
| * certtools.py: fix bug in build_merkle_tree [Magnus Ahltorp, 2014-10-28, 1, -0/+3]
| |
| * merge.py: send whole sth in sendsth call [Magnus Ahltorp, 2014-10-27, 2, -1/+46]
| |
| * fetchallcerts.py: calculate root hash [Magnus Ahltorp, 2014-10-27, 2, -15/+61]
| |
| * Added fetchallcerts.py [Magnus Ahltorp, 2014-10-27, 2, -0/+61]
| |
| * submitcert.py: submit multiple cert chains [Magnus Ahltorp, 2014-10-27, 2, -40/+78]
| |
| * Handle missing entries in merge [Magnus Ahltorp, 2014-10-27, 1, -2/+26]
| |
| * Rewrite root certificate cache handling [Magnus Ahltorp, 2014-10-26, 3, -18/+30]
| |
| * Stop using jiffy [Magnus Ahltorp, 2014-10-25, 3, -122/+108]
| |
| * Move internal HTTP APIs to mochiweb. [Magnus Ahltorp, 2014-10-25, 7, -58/+19]
| |
| * System tests for external merge [Magnus Ahltorp, 2014-10-24, 9, -1/+202]
| |
| * Repair tests to work with x509 validation code. Add intermediate certificates to test chains. [Magnus Ahltorp, 2014-10-24, 4, -1/+102]
| |
| * Added external merging support (ref: map-external-merge2) [Magnus Ahltorp, 2014-10-24, 7, -2/+196]
| |
* | Copyright NORDUnet. [Linus Nordberg, 2014-10-29, 1, -2/+2]
| |
* | Added external merging support [Magnus Ahltorp, 2014-10-29, 7, -2/+196]
| |
* | Don't use update_known_roots/0 in get-roots. [Linus Nordberg, 2014-10-24, 1, -1/+1]
|/
|     It's crashing and needs to be rewritten.
* Whitespace. [Linus Nordberg, 2014-10-24, 1, -16/+19]
|     No long lines.
* Use 'cacertfile' configuration. [Linus Nordberg, 2014-10-24, 1, -1/+2]
|
* Catch badly ASN.1-encoded certificates. [Linus Nordberg, 2014-10-24, 2, -18/+31]
|     Now not crashing badly encoded certs in the list of known roots, which is good. They're simply ignored. Next step is to figure out if we should accept some anomalies, due to reality.
* Use mochiweb for v1 API [Magnus Ahltorp, 2014-10-24, 8, -61/+134]
|     Conflicts: catlfish.config src/v1.erl
* Merge branch 'disable-sslv3' into staging1 [Linus Nordberg, 2014-10-24, 1, -1/+2]
|\
| * Disable SSLv3. [Linus Nordberg, 2014-10-20, 1, -1/+2]
| |
* | Merge branch 'validate-certchain' into staging1 [Linus Nordberg, 2014-10-24, 13, -2/+593]
|\ \
| | |     Conflicts: src/catlfish.erl
| * | Log (info) when adding and rejecting a certificate chain. (ref: validate-certchain) [Linus Nordberg, 2014-10-23, 2, -1/+9]
| | |     Writing to stdout for now, until we've decided on logging framework.
| * | Split CertChain properly. [Linus Nordberg, 2014-10-23, 1, -1/+1]
| | |     This way, Chain is always a list.
| * | Don't use der_encoded(). [Linus Nordberg, 2014-10-23, 1, -6/+5]
| | |     The type definition seems to have disappeared from public_key.hrl in R17 and I don't know how to conditionally define a type.
| * | Implement cert chain validation. [Linus Nordberg, 2014-10-22, 13, -2/+586]
| | |     NOTE: Presence of and constraints on names are not being validated.
* | | Compile with parse_transform from lager [Magnus Ahltorp, 2014-10-24, 2, -2/+3]
| | |
* | | Added lager for logging [Magnus Ahltorp, 2014-10-24, 3, -1/+4]
| | |
* | | Break include dependency on plop.hrl [Magnus Ahltorp, 2014-10-24, 3, -9/+5]
| |/
|/|
* | Add copyright and licensing information. (ref: copyright) [Linus Nordberg, 2014-10-15, 5, -0/+18]
|/
|     After offline discussions with Magnus Ahltorp.
* Fix bug in get-entries limitation of entries. [Linus Nordberg, 2014-10-10, 1, -2/+1]
|
* Use proper return value format for plop:inclusion_and_entry(). [Linus Nordberg, 2014-10-10, 1, -1/+1]
|
* Limit get-entries to 1000 entries at the time. [Linus Nordberg, 2014-10-09, 1, -3/+2]
|
* Merge remote-tracking branch 'refs/remotes/map/fsync4' into origin-master [Linus Nordberg, 2014-10-08, 4, -5/+10]
|\
| |     Conflicts: src/catlfish.erl
| * Remove reference to creating database [Magnus Ahltorp, 2014-09-28, 1, -2/+0]
| |
| * Use raw file storage [Magnus Ahltorp, 2014-09-28, 3, -3/+10]
| |
| * Fix api problems [Magnus Ahltorp, 2014-09-27, 2, -14/+26]
| |