NICMx / FORT-validator

RPKI cache validator
MIT License

Wrong "serial number X is not unique" error is displayed when an MFT expired error happens #13

Closed TheRedTrainer closed 5 years ago

TheRedTrainer commented 5 years ago

When RPKI is validating a repository and an MFT file is expired, the corresponding error is displayed. However, RPKI then tries to validate that MFT again, and a non-corresponding "serial number X is not unique" error is displayed:

ERR: rsync://localhost/repository/axtel-mft.mft: Manifest is expired. (nextUpdate: 2019/08/01 16:45:40)
INF: rsync://localhost/repository/axtel-ca.cer: Retrying repository download to discard 'transient inconsistency' manifest issue (see RFC 6481 section 5) 'rsync://localhost/repository/'
WRN: rsync://localhost/repository/axtel-mft.mft: Serial number '3' is not unique. (Also found in 'rsync://localhost/repository/axtel-mft.mft'.)
WRN: rsync://localhost/repository/axtel-mft.mft: Subject name '1564695948934085260' is not unique. (Also found in 'rsync://localhost/repository/axtel-mft.mft'.)
ERR: rsync://localhost/repository/axtel-mft.mft: Manifest is expired. (nextUpdate: 2019/08/01 16:45:40)

The real problem is that the MFT is expired, not that its serial number is not unique.

TheRedTrainer commented 5 years ago

Fixed. RPKI now displays only the corresponding error message:

ERR: rsync://localhost/repository/testnic-mft.mft: Manifest is not valid yet. (thisUpdate: 9999/08/09 13:35:12)
INF: rsync://localhost/repository/testnic-ca.cer: Retrying repository download to discard 'transient inconsistency' manifest issue (see RFC 6481 section 5) 'rsync://localhost/repository/'
ERR: rsync://localhost/repository/testnic-mft.mft: Manifest is not valid yet. (thisUpdate: 9999/08/09 13:35:12)
^CINF: Client connection attempt not accepted: Interrupted system call. Quitting...
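
A log-triage sketch for the symptom in this report, as an added example that is not part of the original thread or of FORT's code: it flags uniqueness warnings whose "Also found in" URI is the object's own URI and pairs each with the earlier ERR logged for that object. The function name `triage` and the `b.cer`/`a.cer` line are constructed for illustration; the other sample lines are the ones quoted in the first comment.

```python
import re

# Log lines quoted in the report above, plus one constructed line (b.cer vs
# a.cer) showing a uniqueness warning that names a *different* object.
SAMPLE_LOG = """\
ERR: rsync://localhost/repository/axtel-mft.mft: Manifest is expired. (nextUpdate: 2019/08/01 16:45:40)
INF: rsync://localhost/repository/axtel-ca.cer: Retrying repository download to discard 'transient inconsistency' manifest issue (see RFC 6481 section 5) 'rsync://localhost/repository/'
WRN: rsync://localhost/repository/axtel-mft.mft: Serial number '3' is not unique. (Also found in 'rsync://localhost/repository/axtel-mft.mft'.)
WRN: rsync://localhost/repository/axtel-mft.mft: Subject name '1564695948934085260' is not unique. (Also found in 'rsync://localhost/repository/axtel-mft.mft'.)
ERR: rsync://localhost/repository/axtel-mft.mft: Manifest is expired. (nextUpdate: 2019/08/01 16:45:40)
WRN: rsync://localhost/repository/b.cer: Serial number '7' is not unique. (Also found in 'rsync://localhost/repository/a.cer'.)
"""

LINE_RE = re.compile(r"^(ERR|WRN|INF): (rsync://\S+?): (.*)$")
DUP_RE = re.compile(
    r"^(Serial number|Subject name) '([^']*)' is not unique\. "
    r"\(Also found in '([^']*)'\.\)$")


def triage(log_text):
    """Split uniqueness warnings into self-referential ones (the object
    collides with itself, i.e. it was validated twice) and real collisions."""
    last_err = {}   # uri -> most recent ERR message for that object
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a "LEVEL: uri: message" line
        level, uri, msg = m.groups()
        if level == "ERR":
            last_err[uri] = msg
            continue
        dup = DUP_RE.match(msg)
        if level == "WRN" and dup:
            field, value, other = dup.groups()
            findings.append({
                "uri": uri, "field": field, "value": value,
                "self_collision": other == uri,
                # Prior error on the same object = likely real root cause.
                "root_cause": last_err.get(uri) if other == uri else None,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        kind = "self-collision" if f["self_collision"] else "real collision"
        print(f"{kind}: {f['field']} {f['value']} in {f['uri']} "
              f"(root cause: {f['root_cause']})")
```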