certbot/certbot-apache/certbot_apache/constants.py

"""Apache plugin constants."""
import pkg_resources


MOD_SSL_CONF_DEST = "options-ssl-apache.conf"
"""Name of the mod_ssl config file as saved in `IConfig.config_dir`."""


UPDATED_MOD_SSL_CONF_DIGEST = ".updated-options-ssl-apache-conf-digest.txt"
"""Name of the hash of the updated or informed mod_ssl_conf as saved in `IConfig.config_dir`."""

ALL_SSL_OPTIONS_HASHES = [
    '2086bca02db48daf93468332543c60ac6acdb6f0b58c7bfdf578a5d47092f82a',
    '4844d36c9a0f587172d9fa10f4f1c9518e3bcfa1947379f155e16a70a728c21a',
    '5a922826719981c0a234b1fbcd495f3213e49d2519e845ea0748ba513044b65b',
    '4066b90268c03c9ba0201068eaa39abbc02acf9558bb45a788b630eb85dadf27',
    'f175e2e7c673bd88d0aff8220735f385f916142c44aa83b09f1df88dd4767a88',
    'cfdd7c18d2025836ea3307399f509cfb1ebf2612c87dd600a65da2a8e2f2797b',
    '80720bd171ccdc2e6b917ded340defae66919e4624962396b992b7218a561791',
    'c0c022ea6b8a51ecc8f1003d0a04af6c3f2bc1c3ce506b3c2dfc1f11ef931082',
]
"""SHA256 hashes of the contents of previous versions of all versions of MOD_SSL_CONF_SRC"""

AUGEAS_LENS_DIR = pkg_resources.resource_filename(
    "certbot_apache", "augeas_lens")
"""Path to the Augeas lens directory"""

REWRITE_HTTPS_ARGS = [
    "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,NE,R=permanent]"]
"""Apache version<2.3.9 rewrite rule arguments used for redirections to
https vhost"""

REWRITE_HTTPS_ARGS_WITH_END = [
    "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,NE,R=permanent]"]
"""Apache version >= 2.3.9 rewrite rule arguments used for redirections to
    https vhost"""

OLD_REWRITE_HTTPS_ARGS = [
    ["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"],
    ["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,QSA,R=permanent]"]]

HSTS_ARGS = ["always", "set", "Strict-Transport-Security",
             "\"max-age=31536000\""]
"""Apache header arguments for HSTS"""

UIR_ARGS = ["always", "set", "Content-Security-Policy",
            "upgrade-insecure-requests"]

HEADER_ARGS = {"Strict-Transport-Security": HSTS_ARGS,
               "Upgrade-Insecure-Requests": UIR_ARGS}
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00			`"""Apache plugin constants."""`
			`import pkg_resources`


Don't allow user supplied mod_ssl conf destination (fixes #451). 2015-06-01 20:14:10 -04:00			`MOD_SSL_CONF_DEST = "options-ssl-apache.conf"`
			"""Name of the mod_ssl config file as saved in `IConfig.config_dir`."""
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00
Mechanism for automatically updating options-ssl-apache.conf file * add file update mechanism + tests to apache * update with actual hashes, and update apache test to match since there aren't previous versions 2017-05-23 19:25:39 -04:00
			`UPDATED_MOD_SSL_CONF_DIGEST = ".updated-options-ssl-apache-conf-digest.txt"`
			"""Name of the hash of the updated or informed mod_ssl_conf as saved in `IConfig.config_dir`."""

			`ALL_SSL_OPTIONS_HASHES = [`
			`'2086bca02db48daf93468332543c60ac6acdb6f0b58c7bfdf578a5d47092f82a',`
			`'4844d36c9a0f587172d9fa10f4f1c9518e3bcfa1947379f155e16a70a728c21a',`
Finish work on #4718. * Update in response to changes in #4720. * Update ALL_SSL_OPTIONS_HASHES. * Add warning to Apache's SSL options files. 2017-06-01 12:12:50 -04:00			`'5a922826719981c0a234b1fbcd495f3213e49d2519e845ea0748ba513044b65b',`
			`'4066b90268c03c9ba0201068eaa39abbc02acf9558bb45a788b630eb85dadf27',`
			`'f175e2e7c673bd88d0aff8220735f385f916142c44aa83b09f1df88dd4767a88',`
			`'cfdd7c18d2025836ea3307399f509cfb1ebf2612c87dd600a65da2a8e2f2797b',`
Update test-everything (#5397) * Use josepy instead of acme.jose. (#5203) * Parse variables without whitespace separator correctly in CentOS family of distributions (#5318) * Pin josepy in letsencrypt-auto (#5321) * pin josepy in le-auto * Put pinned versions in sorted order * Pin dependencies in oldest tests (#5316) * Add tools/merge_requirements.py * Revert "Fix oldest tests by pinning Google DNS deps (#5000)" This reverts commit f68fba2be2fc342dd72deaaf048ab79e5a8fc2be. * Add tools/oldest_constraints.txt * Remove oldest constraints from tox.ini * Rename dev constraints file * Update tools/pip_install.sh * Update install_and_test.sh * Fix pip_install.sh * Don't cat when you can cp * Add ng-httpsclient to dev constraints for oldest tests * Bump tested setuptools version * Update dev_constraints comment * Better document oldest dependencies * test against oldest versions we say we require * Update dev constraints * Properly handle empty lines * Update constraints gen in pip_install * Remove duplicated zope.component * Reduce pyasn1-modules dependency * Remove blank line * pin back google-api-python-client * pin back uritemplate * pin josepy for oldest tests * Undo changes to install_and_test.sh * Update install_and_test.sh description * use split instead of partition * More pip dependency resolution workarounds (#5339) * remove pyopenssl and six deps * remove outdated tox.ini dep requirement * Fix auto_tests on systems with new bootstrappers (#5348) * Fix pytest on macOS in Travis (#5360) * Add tools/pytest.sh * pass TRAVIS through in tox.ini * Use tools/pytest.sh to run pytest * Add quiet to pytest.ini * ignore pytest cache * print as a string (#5359) * Use apache2ctl modules for Gentoo systems. (#5349) * Do not call Apache binary for module reset in cleanup() * Use apache2ctl modules for Gentoo * Broader git ignore for pytest cache files (#5361) Make gitignore take pytest cache directories in to account, even if they reside in subdirectories. If pytest is run for a certain module, ie. `pytest certbot-apache` the cache directory is created under `certbot-apache` directory. * Fix letsencrypt-auto name and long forms of -n (#5375) * Deprecate Python2.6 by using Python3 on CentOS/RHEL 6 (#5329) * If there's no python or there's only python2.6 on red hat systems, install python3 * Always check for python2.6 * address style, documentation, nits * factor out all initialization code * fix up python version return value when no python installed * add no python error and exit * document DeterminePythonVersion parameters * build letsencrypt-auto * close brace * build leauto * fix syntax errors * set USE_PYTHON_3 for all cases * rip out NOCRASH * replace NOCRASH, update LE_PYTHON set logic * use built-in venv for py3 * switch to LE_PYTHON not affecting bootstrap selection and not overwriting LE_PYTHON * python3ify fetch.py * get fetch.py working with python2 and 3 * don't verify server certificates in fetch.py HttpsGetter * Use SSLContext and an environment variable so that our tests continue to never verify server certificates. * typo * build * remove commented out code * address review comments * add documentation for YES_FLAG and QUIET_FLAG * Add tests to centos6 Dockerfile to make sure we install python3 if and only if appropriate to do so. * Allow non-interactive revocation without deleting certificates (#5386) * Add --delete-after-revoke flags * Use delete_after_revoke value * Add delete_after_revoke unit tests * Add integration tests for delete-after-revoke. * Have letsencrypt-auto do a real upgrade in leauto-upgrades option 2 (#5390) * Make leauto_upgrades do a real upgrade * Cleanup vars and output * Sleep until the server is ready * add simple_http_server.py * Use a randomly assigned port * s/realpath/readlink * wait for server before getting port * s/localhost/all interfaces * update Apache ciphersuites (#5383) * Fix macOS builds for Python2.7 in Travis (#5378) * Add OSX Python2 tests * Make sure python2 is originating from homebrew on macOS * Upgrade the already installed python2 instead of trying to reinstall 2018-01-09 20:24:14 -05:00			`'80720bd171ccdc2e6b917ded340defae66919e4624962396b992b7218a561791',`
			`'c0c022ea6b8a51ecc8f1003d0a04af6c3f2bc1c3ce506b3c2dfc1f11ef931082',`
Mechanism for automatically updating options-ssl-apache.conf file * add file update mechanism + tests to apache * update with actual hashes, and update apache test to match since there aren't previous versions 2017-05-23 19:25:39 -04:00			`]`
			`"""SHA256 hashes of the contents of previous versions of all versions of MOD_SSL_CONF_SRC"""`

constants.AUGEAS_LENS_DIR 2015-11-04 15:12:39 -05:00			`AUGEAS_LENS_DIR = pkg_resources.resource_filename(`
s/letsencrypt/certbot letsencrypt-apache 2016-04-13 19:30:57 -04:00			`"certbot_apache", "augeas_lens")`
constants.AUGEAS_LENS_DIR 2015-11-04 15:12:39 -05:00			`"""Path to the Augeas lens directory"""`
load augeas httpd lens from inside of lets encrypt 2015-11-02 19:22:58 -05:00
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00			`REWRITE_HTTPS_ARGS = [`
Change QSA to NE in HTTPS redirection (#4204) * Change QSA to NE in HTTPS redirection * Seamless transition to new HTTPS redirection RewriteRule 2017-03-02 19:49:34 -05:00			`"^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,NE,R=permanent]"]`
Pep8 love 2016-01-14 06:25:15 -05:00			`"""Apache version<2.3.9 rewrite rule arguments used for redirections to`
			`https vhost"""`
Add HSTS header enhancement to Apache 2015-11-06 17:31:30 -05:00
alter redirect_verification to raise only when an exact Letsencrypt redirction rewrite rule is encountered 2015-12-01 19:05:15 -05:00			`REWRITE_HTTPS_ARGS_WITH_END = [`
Change QSA to NE in HTTPS redirection (#4204) * Change QSA to NE in HTTPS redirection * Seamless transition to new HTTPS redirection RewriteRule 2017-03-02 19:49:34 -05:00			`"^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,NE,R=permanent]"]`
delete unneeded tests 2015-12-01 19:16:13 -05:00			`"""Apache version >= 2.3.9 rewrite rule arguments used for redirections to`
alter redirect_verification to raise only when an exact Letsencrypt redirction rewrite rule is encountered 2015-12-01 19:05:15 -05:00			`https vhost"""`
Generalized http-header enhancement 2015-11-07 23:37:57 -05:00
Change QSA to NE in HTTPS redirection (#4204) * Change QSA to NE in HTTPS redirection * Seamless transition to new HTTPS redirection RewriteRule 2017-03-02 19:49:34 -05:00			`OLD_REWRITE_HTTPS_ARGS = [`
			`["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"],`
			`["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,QSA,R=permanent]"]]`

Generalized http-header enhancement 2015-11-07 23:37:57 -05:00			`HSTS_ARGS = ["always", "set", "Strict-Transport-Security",`
Pep8 love 2016-01-14 06:25:15 -05:00			`"\"max-age=31536000\""]`
Add HSTS header enhancement to Apache 2015-11-06 17:31:30 -05:00			`"""Apache header arguments for HSTS"""`

Generalized http-header enhancement 2015-11-07 23:37:57 -05:00			`UIR_ARGS = ["always", "set", "Content-Security-Policy",`
Pep8 love 2016-01-14 06:25:15 -05:00			`"upgrade-insecure-requests"]`
Generalized http-header enhancement 2015-11-07 23:37:57 -05:00
Add tests and comments 2015-11-08 10:21:36 -05:00			`HEADER_ARGS = {"Strict-Transport-Security": HSTS_ARGS,`
Pep8 love 2016-01-14 06:25:15 -05:00			`"Upgrade-Insecure-Requests": UIR_ARGS}`