Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Stop validating that cert.issuer matches issuer.subject. | Linus Nordberg | 2015-02-20 | 1 | -46/+27 | |
| | | | | | | | | | | Even canoncalized versions of this data mismatch in otherwise proper chains. Since we're not here to validate chains for any other reasons than attribution and spam control, let's stop validate cert.issuer==candidate.subject. We still verify the cryptographic chain with signatures of tbsCertificates of course. Resolves CATLFISH-19. | |||||
* | Make unit tests work again. | Linus Nordberg | 2015-02-19 | 8 | -29/+52 | |
| | | | | Makefile target 'check' runs them. | |||||
* | Have README reflect the current state of logging a bit better. | Linus Nordberg | 2014-11-21 | 1 | -7/+5 | |
| | ||||||
* | We don't use jiffy any more. | Linus Nordberg | 2014-11-20 | 1 | -2/+1 | |
| | ||||||
* | Catch ctrl-c more correctly. Catch SystemExit from add_chain and exit in ↵ | Magnus Ahltorp | 2014-11-18 | 1 | -8/+22 | |
| | | | | main process instead | |||||
* | Verify certificates by decoding them as 'plain' certs rather than 'otp. | Linus Nordberg | 2014-11-18 | 2 | -67/+201 | |
| | | | | | | | OTP cert validation is too strict. Let's see if this is forgiving enough for our needs. Also, move all cert reading from disk to x509.erl. | |||||
* | Entry hash runs over leaf plus chain. | Linus Nordberg | 2014-11-18 | 1 | -2/+2 | |
| | | | | Closes CATLFISH-5. | |||||
* | Log some info about certs that don't parse and why. | Linus Nordberg | 2014-11-05 | 2 | -11/+27 | |
| | | | | Also move x509 specific code to the x509 module. | |||||
* | Make 'release' depend on 'all'. | Linus Nordberg | 2014-11-03 | 1 | -1/+1 | |
| | ||||||
* | Protect rel/db when making 'release'. | Linus Nordberg | 2014-11-03 | 1 | -0/+3 | |
| | ||||||
* | Merge remote-tracking branch 'refs/remotes/map/external-merge3' into ↵ | Linus Nordberg | 2014-10-29 | 22 | -201/+688 | |
|\ | | | | | | | | | | | | | | | | | merging-external-merge Conflicts: src/v1.erl tools/merge.py tools/testcase1.py | |||||
| * | httpd.conf removed, reflect this in Makefile. Touch test db files. | Magnus Ahltorp | 2014-10-28 | 1 | -2/+2 | |
| | | ||||||
| * | Check return value from merge.py | Magnus Ahltorp | 2014-10-28 | 1 | -6/+15 | |
| | | ||||||
| * | certtools.py: fix bug in build_merkle_tree | Magnus Ahltorp | 2014-10-28 | 1 | -0/+3 | |
| | | ||||||
| * | merge.py: send whole sth in sendsth call | Magnus Ahltorp | 2014-10-27 | 2 | -1/+46 | |
| | | ||||||
| * | fetchallcerts.py: calculate root hash | Magnus Ahltorp | 2014-10-27 | 2 | -15/+61 | |
| | | ||||||
| * | Added fetchallcerts.py | Magnus Ahltorp | 2014-10-27 | 2 | -0/+61 | |
| | | ||||||
| * | submitcert.py: submit multiple cert chains | Magnus Ahltorp | 2014-10-27 | 2 | -40/+78 | |
| | | ||||||
| * | Handle missing entries in merge | Magnus Ahltorp | 2014-10-27 | 1 | -2/+26 | |
| | | ||||||
| * | Rewrite root certificate cache handling | Magnus Ahltorp | 2014-10-26 | 3 | -18/+30 | |
| | | ||||||
| * | Stop using jiffy | Magnus Ahltorp | 2014-10-25 | 3 | -122/+108 | |
| | | ||||||
| * | Move internal HTTP APIs to mochiweb. | Magnus Ahltorp | 2014-10-25 | 7 | -58/+19 | |
| | | ||||||
| * | System tests for external merge | Magnus Ahltorp | 2014-10-24 | 9 | -1/+202 | |
| | | ||||||
| * | Repair tests to work with x509 validation code. Add intermediate ↵ | Magnus Ahltorp | 2014-10-24 | 4 | -1/+102 | |
| | | | | | | | | certificates to test chains. | |||||
| * | Added external merging supportmap-external-merge2 | Magnus Ahltorp | 2014-10-24 | 7 | -2/+196 | |
| | | ||||||
* | | Copyright NORDUnet. | Linus Nordberg | 2014-10-29 | 1 | -2/+2 | |
| | | ||||||
* | | Added external merging support | Magnus Ahltorp | 2014-10-29 | 7 | -2/+196 | |
| | | ||||||
* | | Don't use update_known_roots/0 in get-roots. | Linus Nordberg | 2014-10-24 | 1 | -1/+1 | |
|/ | | | | It's crashing and needs to be rewritten. | |||||
* | Whitespace. | Linus Nordberg | 2014-10-24 | 1 | -16/+19 | |
| | | | | No long lines. | |||||
* | Use 'cacertfile' configuration. | Linus Nordberg | 2014-10-24 | 1 | -1/+2 | |
| | ||||||
* | Catch badly ASN.1-encoded certificates. | Linus Nordberg | 2014-10-24 | 2 | -18/+31 | |
| | | | | | | Now not crashing badly encoded certs in the list of known roots, which is good. They're simply ignored. Next step is to figure out if we should accept some anomalies, due to reality. | |||||
* | Use mochiweb for v1 API | Magnus Ahltorp | 2014-10-24 | 8 | -61/+134 | |
| | | | | | | Conflicts: catlfish.config src/v1.erl | |||||
* | Merge branch 'disable-sslv3' into staging1 | Linus Nordberg | 2014-10-24 | 1 | -1/+2 | |
|\ | ||||||
| * | Disable SSLv3. | Linus Nordberg | 2014-10-20 | 1 | -1/+2 | |
| | | ||||||
* | | Merge branch 'validate-certchain' into staging1 | Linus Nordberg | 2014-10-24 | 13 | -2/+593 | |
|\ \ | | | | | | | | | | | | | Conflicts: src/catlfish.erl | |||||
| * | | Log (info) when adding and rejecting a certificate chain.validate-certchain | Linus Nordberg | 2014-10-23 | 2 | -1/+9 | |
| | | | | | | | | | | | | Writing to stdout for now, until we've decided on logging framework. | |||||
| * | | Split CertChain properly. | Linus Nordberg | 2014-10-23 | 1 | -1/+1 | |
| | | | | | | | | | | | | This way, Chain is always a list. | |||||
| * | | Don't use der_encoded(). | Linus Nordberg | 2014-10-23 | 1 | -6/+5 | |
| | | | | | | | | | | | | | | | The type definition seem to have disappeared from public_key.hrl in R17 and I don't know how to conditionally define a type. | |||||
| * | | Implement cert chain validation. | Linus Nordberg | 2014-10-22 | 13 | -2/+586 | |
| | | | | | | | | | | | | NOTE: Presence of and constraints on names are not being validated. | |||||
* | | | Compile with parse_transform from lager | Magnus Ahltorp | 2014-10-24 | 2 | -2/+3 | |
| | | | ||||||
* | | | Added lager for logging | Magnus Ahltorp | 2014-10-24 | 3 | -1/+4 | |
| | | | ||||||
* | | | Break include dependency on plop.hrl | Magnus Ahltorp | 2014-10-24 | 3 | -9/+5 | |
| |/ |/| | ||||||
* | | Add copyright and licensing information.copyright | Linus Nordberg | 2014-10-15 | 5 | -0/+18 | |
|/ | | | | After offline discussions with Magnus Ahltorp. | |||||
* | Fix bug in get-entries limitation of entries. | Linus Nordberg | 2014-10-10 | 1 | -2/+1 | |
| | ||||||
* | Use proper return value format for plop:inclusion_and_entry(). | Linus Nordberg | 2014-10-10 | 1 | -1/+1 | |
| | ||||||
* | Limit get-entries to 1000 entries at the time. | Linus Nordberg | 2014-10-09 | 1 | -3/+2 | |
| | ||||||
* | Merge remote-tracking branch 'refs/remotes/map/fsync4' into origin-master | Linus Nordberg | 2014-10-08 | 4 | -5/+10 | |
|\ | | | | | | | | | Conflicts: src/catlfish.erl | |||||
| * | Remove reference to creating database | Magnus Ahltorp | 2014-09-28 | 1 | -2/+0 | |
| | | ||||||
| * | Use raw file storage | Magnus Ahltorp | 2014-09-28 | 3 | -3/+10 | |
| | | ||||||
| * | Fix api problems | Magnus Ahltorp | 2014-09-27 | 2 | -14/+26 | |
| | |