-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issuer certificate not found even tough it is in cache ta
folder
#101
Comments
And just in case there is no other way to get this done, let me ask this already as a follow-up: Is there a way to get the default TAL directory that is configured during install from |
The documentation could perhaps make this a bit more explicit: rpki-client assumes that it owns the entire cache dir and it will delete the TALs you downloaded into it. It will then fall back to the system-wide installed TALs and fail to find the If you make two subdirectories of your And no, as far as I know, there is currently no way to find the system-configured TAL directory from running the executable. |
@botovq Right, I just noticed that the TAL files are gone and wondered about that. Give me a day to see if this works and then I will close this ASAP. Thanks a lot! |
Also the |
Hi, I am using
rpki-client
to download ROAs to a cache dir using the-d
option. Lately, I ran into an issue due to the missing ARIN TAL. I can download the ARIN ROAs by providing the ARIN TAL with a-t
and I also see the certificate in theta
folder in the cache dir. So this works as expected:However, in the next step, I am validating the ROAs in the cache dir and it seems like the certificate in the
ta
folder is ignored. To make it explicit I run:I have also tried to pass the TAL as a
-t
to the validation command above but in both cases all the ARIN ROAs have the same error:I would have expected
rpki-client
to use the certificates in theta
folder if a cache dir is provided and it contains ata
folder with certificates. If there is another way or I misunderstood something it would be great to know the correct way to deal with this. I guess moving the ARIN to the/etc/rpki/
folder on the user's system would be a possible fix but I would prefer it if I could keep the data used self-contained (all in the cache dir) and make it explicit where the file is that is used, just like I do with-t
.FWIW, the project is Kartograf and the file that contains the
rpki-client
usage is here: https://github.com/fjahr/kartograf/blob/master/kartograf/rpki/fetch.pyThanks a lot!
The text was updated successfully, but these errors were encountered: