the rrdp directory. This is used before a snapshot download to ensure
that the snapshot is applied to a clean repo.
Similar cleanup happens if the transfer fails. In that case remove the
temp directory contents only.
This uses a new function remove_contents() to remove everything below
a base directory (a bit like rm -r X/*).
OK tb@
based on information from the repository, a local path and the filename.
This simplifies some code both in the main process and the parser.
For this to work repositories are passed to the parser before any other
entity of this repository is passed. Struct entity is extended to include
the repoid and the path along the file(name).
Input and OK tb@ & job@
Introduce an additional timeout for each publication point.
The limits are large enough to accomodate normal operating levels.
With and OK benno@ job@ tb@ beck@ deraadt@
Since they are stored in an array just blast the full array in and out
of the io buffers at once instead of iterating element by element.
It also allows to remove a lot of extra code.
OK benno@ job@
In most cases we already warn and continue if someone sends us malformed
x509 objects. This makes this consistent behaviour in all places
so that if someone passes in bogus X509, We end up failing their entry
and continuing rather than exiting.
We still exit on memory/system failures so that a future run of rpki
client can simply do better when the machine is perhaps less hammered
on
ok job@ claudio@
mish mash of poll, non-blocking writes and blocking reads. Using the
introduced ibuf size header in io_buf_new()/io_buf_close() the read
side can be changed to pull in a full ibuf and only start the un-marshal
once all data has been read.
OK benno@
io_buf_close(). These function will inject a size of the the buffer
at the beginning of the buffer and will allow the read size to be
switched to proper async IO.
OK benno@
Instead of converting the ASN1_OBJECT into a string and comparing the
strings, convert the string into an ASN1_OBJECT once and then compare
these objects with OBJ_cmp().
Makes the code a bit easier to read and removes some repetitive conversions.
With input and OK tb@
The 'expires' value contains a reasonable earliest moment a VRP would expire,
in light of the currently available set of CAs and CRLs. The 'expires' value
can be used to avoid route selection based on stale data when generating VRP
sets, when faced with loss of communication between consumer and valdiator,
or validator and CA repository.
OK claudio@
in rpki-client. For now it is off by default.
All XML processing is done in its own process with minimal pledge rights.
It uses the already present https process to fetch the xml files and uses
the master porcess to handle the file IO into the repositories.
RRDP data is stored in the cache under ./rrdp/ and the first directory
is the SHA256 hash of the notify URI.
Fetching snapshots and deltas works to bring the cache up to date.
If something goes wrong rpki-client will fall back to rsync.
RRDP was implemented by Nils Fisher and integrated into rpki-client by myself.
"Time to get it in" deraadt@
Since aia, aki and ski are all represented by char *, this is an
error-prone interface - as found by job. The function doesn't do
much anyway.
ok claudio
remove handling of 206 Partial Content (the client does not use range
headers). Report the Last-Modified timestamp back to the requestor and
switch OK to a enum value for (FAIL, OK and NOT MODIFIED).
OK tb@
