This repository has been archived by the owner on Jun 9, 2024. It is now read-only.

can octorpki connect to new custom TALs? #105

Open
cli0 opened this issue Dec 28, 2021 · 4 comments


cli0 commented Dec 28, 2021

I would like to test octorpki using my own testbed TAL created via krill, but the software doesn't recognize my TAL. It doesn't even throw any error messages. I compiled octorpki using https://github.com/cloudflare/cfrpki#compile . I adapted the source code to include my new custom TAL in RootTALs:

	RootTAL       = flag.String("tal.root", "tals/afrinic.tal,tals/apnic.tal,tals/arin.tal,tals/lacnic.tal,tals/ripe.tal,tals/ta.tal", "List of TAL separated by comma")
	TALNames      = flag.String("tal.name", "AFRINIC,APNIC,ARIN,LACNIC,RIPE,TEST", "Name of the TALs")

I deleted the other TALs from the TAL folder so that I could observe what happens with my TAL, but for every validation run I get the following logs:

time="2021-12-28T10:15:20+01:00" level=info msg="Validator started"
time="2021-12-28T10:15:20+01:00" level=info msg="Serving HTTP on :8081/output.json"
time="2021-12-28T10:15:20+01:00" level=info msg="Still exploring. Revalidating now"
time="2021-12-28T10:15:20+01:00" level=info msg="Stable state. Revalidating in 20m0s"

My TAL works and is accessible via Routinator, but with Octorpki I can't make it work. Any suggestion would be very appreciated.


ties commented Dec 28, 2021

I have an octorpki instance running against a test TAL using command line arguments. Have you tried that approach?


cli0 commented Dec 28, 2021

Hello ties, yes, I think I have. After I made those small changes in the source code I compiled octorpki, got the new octorpki binary and ran it via

nohup octorpki -output.sign=false > out 2> err &

Did I do something wrong or is there an alternative?


cli0 commented Dec 29, 2021

Small update: curiously, changing the source code and compiling the changes with go build does not work, but adding the new TAL and TAL name via command line directly, octorpki -output.sign=false -tal.root="tals/ta.tal" --tal.name="TEST" > out 2> err, works. The TAL is recognized. I have encountered another issue though, and that is that octorpki throws an error for self-signed certificates (like the one I'm using for my locally hosted testbed TAL). Any change to the source code also doesn't seem to hold up after compiling the new binary. Granted, I am not a Golang programmer, so I can't maneuver a lot.

Is there a way for self-signed certificates to be accepted by octorpki for a testing environment?


ties commented Dec 29, 2021

Odd that it did not work that other way around!

> Is there a way for self-signed certificates to be accepted by octorpki for a testing environment?

For the URL of the repository? I would need to check the code. You may also be able to add the certificate to the certificate store that the Go binary uses (standard Unix tricks apply to figure out if it reads that; you may be able to strace that).
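
The suggestion in the last comment, trusting the testbed certificate rather than switching verification off, can be tried in isolation with Go's own verifier. The program below is an added example, not part of the thread and not octorpki code: it builds a constructed self-signed certificate for the hypothetical host rpki.testbed.example and verifies it against an empty root pool (standing in for a store that does not know the certificate) and against a pool that contains it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned returns a constructed self-signed certificate for host, as PEM and parsed.
func selfSigned(host string) ([]byte, *x509.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), must(x509.ParseCertificate(der))
}

// check verifies leaf for host against a pool holding only trustedPEM (nil means an empty pool).
func check(leaf *x509.Certificate, host string, trustedPEM []byte) string {
	roots := x509.NewCertPool()
	roots.AppendCertsFromPEM(trustedPEM)
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	switch err.(type) {
	case nil:
		return "trusted"
	case x509.UnknownAuthorityError:
		return "unknown-authority"
	case x509.HostnameError:
		return "hostname-mismatch"
	}
	return "error: " + err.Error()
}

func main() {
	pemBytes, leaf := selfSigned("rpki.testbed.example")
	fmt.Println(check(leaf, "rpki.testbed.example", nil), check(leaf, "rpki.testbed.example", pemBytes))
}
```

On Unix, Go's crypto/x509 builds its default pool from the system certificate locations and honours the SSL_CERT_FILE and SSL_CERT_DIR environment variables, so a PEM file like the one produced here can be supplied to a binary that uses the default pool. Whether octorpki's repository fetcher does so is not confirmed in the thread, and the certificate must still list the hostname used in the TAL's URL.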
