sraustein
commented
9 years ago It's an EE certificate, so it has no SIA caRepository URI.
Trac comment by sra on 2015-11-03T06:01:14Z
Closed sraustein closed 8 years ago
sraustein
commented
9 years ago It's an EE certificate, so it has no SIA caRepository URI.
Trac comment by sra on 2015-11-03T06:01:14Z
sraustein
commented
9 years ago sra sez {{{It's an EE certificate, so it has no SIA caDirectory.}}}
Trac comment by randy on 2015-11-03T06:01:41Z
sraustein
commented
9 years ago There are a few of those (URIs below), APNIC testbed specials. I no longer recall why EE certificates with no SIA extension at all are whine-and-permit rather than reject, probably allowing something stupid somebody was doing years ago. We might want to reject them.
But router certificates won't have SIA caRepository either, so code has to cope with that.
{{{ rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/9N3KGvrzgk2bbnTso--n9nypjWk.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/kqYAhV1eAYgl-dBU_OYoeX-5LVA.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/rgxbeeiDGsrp6adxDmH5NTb5jI0.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/HdjmgYONJ-X7HmvTL6BISEB6hgU.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/7Pj3yBKbZrvhgsKvQ5U2eDSmAA8.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/kdlXwPfGIYZgVNUel9OZnsGNH0g.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/_uli2R1gc_ZyyU4SRRNID_r9-IU.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/2UBh1-XAvR-TRdxVvavTJt51-RA.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/yFyfoajrQom1Ut2VlI2ASTL7Qb0.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/F1mHhl42MFEhXJoY1yUtHwcp17Q.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/Mo5xeGmcWGO6w0WpCDKo8jGY1ow.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/VKejzbUVeBjTCfBJw4iuSKbuw7c.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/GDBtrds-xjFAltGawkhBMeSA7nw.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/Dwy5OwqfW0iINFIetXXwxCEajUg.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/oGRld_h3Mgd-tRvuRb1tglu5vpo.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/cxKlz6cAPZbcQ95BdqzM_vx4Bbw.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/jQWKwwQYNOqZc63T0FO2OkvYgSs.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/0IQCfN1Du7dqzF9fh5e7tAiTKq8.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/TH_QE3FEZO5pU8xSQWb_qykBsWs.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/ZCGzqp0QgrnJbg9N-8GzPOn7fcc.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/XqJeThfdatEtYBhvwbjqoNLuvYU.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/PDatNpjrP2fsfofiC7I9BekLYd8.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/eisl9hUUrjqxVxmdqZL8C0FUnXY.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/eaYORdLzbCkmahJ8FGl3ku8UAnM.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/pkb1ifkTHMfUXg19KoWU6eWQPHY.cer rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/Rjy-IYEhFYCPJEkZzjBW16Q_TJY.cer }}}
Trac comment by sra on 2015-11-03T06:33:56Z
sraustein
commented
9 years ago < paranoid tought >
this would be an amusing time for geof to do creative things. i know he plans to TA 0/0. but he could do other things.
Trac comment by randy on 2015-11-03T06:36:49Z
sraustein
commented
9 years ago < paranoid tought >
this would be an amusing time for geof to do creative things. i know he plans to TA 0/0. but he could do other things.
All of these were issued 2 November and don't expire until 2030.
But this is the APNIC testbed, so, whatever.
Trac comment by sra on 2015-11-03T06:56:03Z
sraustein
commented
8 years ago rpkigui-rcynic was fixed in [6365] to ignore non-CA certificates in the repository, so this no long happens.
Trac comment by melkins on 2016-04-22T16:02:11Z
sraustein
commented
8 years ago Closed with resolution fixed
every hour or so
{{{ ERROR:rpki.gui.cacheview.util:caught exception while processing rcynic_object: vs=<validation_status_element id=34569595920 status=object_accepted file_class=<class 'rpki.rcynic.rcynic_certificate'> generation=current timestamp=2015-11-03T05:08:57Z uri=rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/eaYORdLzbCkmahJ8FGl3ku8UAnM.cer filename=/var/rcynic/data/authenticated/rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/eaYORdLzbCkmahJ8FGl3ku8UAnM.cer> obj=<rcynic_certificate rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/eaYORdLzbCkmahJ8FGl3ku8UAnM.cer V4: 103.109.120.0/24 at 0x80c814450> Filename: /var/rcynic/data/authenticated/rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/eaYORdLzbCkmahJ8FGl3ku8UAnM.cer Uri: rsync://rpki-testbed.apnic.net/repository/A30015AEABE011E290E79B6AA8B6C50A/eaYORdLzbCkmahJ8FGl3ku8UAnM.cer Notbefore: 2015-11-02T22:05:24Z Notafter: 2030-01-01T00:00:00Z Aia_uri: rsync://rpki-testbed.apnic.net/repository/333B6962A8E311E28B99CBD893E9F209/aQoXJB2bnmAcZXI68xsp0MEW_bM.cer Sia_directory_uri: None Resources: V4: 103.109.120.0/24 Traceback (most recent call last): File "/usr/local/libexec/rpkigui-rcynic", line 52, in
import_rcynic_xml(options.root, options.logfile)
File "/usr/local/lib/python2.7/site-packages/rpki/gui/cacheview/util.py", line 424, in import_rcynic_xml
process_cache(root, logfile)
File "/usr/local/lib/python2.7/site-packages/django/db/transaction.py", line 224, in inner
return func(_args, *_kwargs)
File "/usr/local/lib/python2.7/site-packages/rpki/gui/cacheview/util.py", line 263, in process_cache
save_status(repo, vs)
File "/usr/local/lib/python2.7/site-packages/rpki/gui/cacheview/util.py", line 236, in save_status
dispatch[vs.file_class.name](obj, inst)
File "/usr/local/lib/python2.7/site-packages/rpki/gui/cacheview/util.py", line 49, in rcynic_cert
obj.save()
File "/usr/local/lib/python2.7/site-packages/django/db/models/base.py", line 463, in save
self.save_base(using=using, force_insert=force_insert, force_update=force_update)
File "/usr/local/lib/python2.7/site-packages/django/db/models/base.py", line 551, in save_base
result = manager._insert([self], fields=fields, return_id=update_pk, using=using, raw=raw)
File "/usr/local/lib/python2.7/site-packages/django/db/models/manager.py", line 203, in _insert
return insert_query(self.model, objs, fields, **kwargs)
File "/usr/local/lib/python2.7/site-packages/django/db/models/query.py", line 1593, in insert_query
return query.get_compiler(using=using).execute_sql(return_id)
File "/usr/local/lib/python2.7/site-packages/django/db/models/sql/compiler.py", line 912, in execute_sql
cursor.execute(sql, params)
File "/usr/local/lib/python2.7/site-packages/django/db/backends/mysql/base.py", line 114, in execute
return self.cursor.execute(query, args)
File "/usr/local/lib/python2.7/site-packages/MySQLdb/cursors.py", line 205, in execute
self.errorhandler(self, exc, value)
File "/usr/local/lib/python2.7/site-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
raise errorclass, errorvalue
django.db.utils.IntegrityError: (1048, "Column 'sia' cannot be null")
Program /usr/local/libexec/rpkigui-rcynic exited with status 1
}}}
Trac ticket #778 component gui priority major, owner None, created by randy on 2015-11-03T05:56:53Z, last modified 2016-04-22T16:02:11Z