From 0004610e610b3491a190b074ddaa20e592ef3d93 Mon Sep 17 00:00:00 2001 From: Gene Wood Date: Thu, 3 Dec 2015 12:40:10 -0800 Subject: [PATCH 01/37] Fixing the grammar of the _suggest_donate message --- letsencrypt/cli.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/cli.py b/letsencrypt/cli.py index 9835fa126..3652f828f 100644 --- a/letsencrypt/cli.py +++ b/letsencrypt/cli.py @@ -306,7 +306,7 @@ def _report_new_cert(cert_path, fullchain_path): def _suggest_donate(): "Suggest a donation to support Let's Encrypt" reporter_util = zope.component.getUtility(interfaces.IReporter) - msg = ("If like Let's Encrypt, please consider supporting our work by:\n\n" + msg = ("If you like Let's Encrypt, please consider supporting our work by:\n\n" "Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate\n" "Donating to EFF: https://eff.org/donate-le\n\n") reporter_util.add_message(msg, reporter_util.LOW_PRIORITY) From ad5352e8cced72fd6f208eea4e96575bb60bf4e2 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Thu, 3 Dec 2015 12:54:32 -0800 Subject: [PATCH 02/37] Upstream augeas fix for backslashes at the start of directive args From: https://github.com/hercules-team/augeas/pull/325 Fixes: #1531 --- letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug b/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug index 30d8ca501..83d97f7a4 100644 --- a/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug +++ b/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug 
@@ -59,7 +59,7 @@ let empty = Util.empty_dos let indent = Util.indent (* borrowed from shellvars.aug *) -let char_arg_dir = /([^\\ '"\t\r\n]|[^\\ '"\t\r\n][^ '"\t\r\n]*[^\\ '"\t\r\n])|\\\\"|\\\\'/ +let char_arg_dir = /([^\\ '"\t\r\n]|[^ '"\t\r\n]+[^\\ '"\t\r\n])|\\\\"|\\\\'/ let char_arg_sec = /[^ '"\t\r\n>]|\\\\"|\\\\'/ let cdot = /\\\\./ let cl = /\\\\\n/ From 55d51530d916acc8b418c7b79c3bd8d03d56fa2a Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Thu, 3 Dec 2015 12:56:29 -0800 Subject: [PATCH 03/37] This should fix parsing of drupal .htaccess files --- .../{failing => passing}/drupal-htaccess-1531.conf | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tests/apache-conf-files/{failing => passing}/drupal-htaccess-1531.conf (100%) diff --git a/tests/apache-conf-files/failing/drupal-htaccess-1531.conf b/tests/apache-conf-files/passing/drupal-htaccess-1531.conf similarity index 100% rename from tests/apache-conf-files/failing/drupal-htaccess-1531.conf rename to tests/apache-conf-files/passing/drupal-htaccess-1531.conf From 5a39e833c4982085ed88562dd08050966bf7590e Mon Sep 17 00:00:00 2001 From: Alex Conlin Date: Thu, 3 Dec 2015 22:14:43 +0000 Subject: [PATCH 04/37] Fix typo in README.rst --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 018b343fd..f25dc1956 100644 --- a/README.rst +++ b/README.rst @@ -128,7 +128,7 @@ launch. The client requires root access in order to write to bind to ports 80 and 443 (if you use the ``standalone`` plugin) and to read and modify webserver configurations (if you use the ``apache`` or ``nginx`` plugins). If none of these apply to you, it is theoretically possible to run -without root privilegess, but for most users who want to avoid running an ACME +without root privileges, but for most users who want to avoid running an ACME client as root, either `letsencrypt-nosudo `_ or `simp_le `_ are more appropriate choices. 
From 3add88c64173b6b551018c9939e89a9153c39955 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Thu, 3 Dec 2015 15:25:54 -0800 Subject: [PATCH 05/37] Add another apache conf test case --- .../failing/two-blocks-one-line-1693.conf | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 tests/apache-conf-files/failing/two-blocks-one-line-1693.conf diff --git a/tests/apache-conf-files/failing/two-blocks-one-line-1693.conf b/tests/apache-conf-files/failing/two-blocks-one-line-1693.conf new file mode 100644 index 000000000..5d3cef423 --- /dev/null +++ b/tests/apache-conf-files/failing/two-blocks-one-line-1693.conf @@ -0,0 +1,28 @@ + + + ServerAdmin info@somethingnewentertainment.com + ServerName somethingnewentertainment.com + DocumentRoot /var/www/html + + ErrorLog /var/log/apache2/error.log + CustomLog /var/log/apache2/access.log combined + + SSLEngine on + SSLProtocol all -SSLv2 -SSLv3 + SSLHonorCipherOrder on + SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EEC DH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRS A RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" + + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + From a4396b89a7ab89635845816d4d05cddccfb963df Mon Sep 17 00:00:00 2001 From: j Date: Thu, 3 Dec 2015 19:14:21 +0100 Subject: [PATCH 06/37] Remove ! at end of url (fixes open url in gnome-terminal) The ! at the end of the url is parsed as part of the url if one uses "Open Link" in gnome-terminal. --- letsencrypt/display/ops.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/display/ops.py b/letsencrypt/display/ops.py index 038ad6fdc..5c8c543b0 100644 
--- a/letsencrypt/display/ops.py +++ b/letsencrypt/display/ops.py @@ -245,7 +245,7 @@ def success_installation(domains): """ util(interfaces.IDisplay).notification( - "Congratulations! You have successfully enabled {0}!{1}{1}" + "Congratulations! You have successfully enabled {0}{1}{1}" "You should test your configuration at:{1}{2}".format( _gen_https_names(domains), os.linesep, From 3a4d36e062c1f1f086685479fc1e0809c196a5b5 Mon Sep 17 00:00:00 2001 From: lord63 Date: Fri, 4 Dec 2015 10:21:07 +0800 Subject: [PATCH 07/37] Fix typo in README.rst and docs/using.rst --- README.rst | 2 +- docs/using.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index f25dc1956..d1f5d3428 100644 --- a/README.rst +++ b/README.rst @@ -27,7 +27,7 @@ If ``letsencrypt`` is packaged for your OS, you can install it from there, and run it by typing ``letsencrypt``. Because not all operating systems have packages yet, we provide a temporary solution via the ``letsencrypt-auto`` wrapper script, which obtains some dependencies from your OS and puts others -in an python virtual environment:: +in a python virtual environment:: user@webserver:~$ git clone https://github.com/letsencrypt/letsencrypt user@webserver:~$ cd letsencrypt diff --git a/docs/using.rst b/docs/using.rst index b546e3005..211eb78c8 100644 --- a/docs/using.rst +++ b/docs/using.rst @@ -286,7 +286,7 @@ get support on our `forums `_. If you find a bug in the software, please do report it in our `issue tracker `_. Remember to -give us us as much information as possible: +give us as much information as possible: - copy and paste exact command line used and the output (though mind that the latter might include some personally identifiable From 869c3741c51126a98187eb6cce2d5ea751a35416 Mon Sep 17 00:00:00 2001 
From: Marius Gedminas Date: Fri, 4 Dec 2015 12:03:33 +0200 Subject: [PATCH 08/37] Typo: Apacche -> Apache --- letsencrypt-apache/letsencrypt_apache/augeas_lens/README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/augeas_lens/README b/letsencrypt-apache/letsencrypt_apache/augeas_lens/README index fc803a776..f801efd43 100644 --- a/letsencrypt-apache/letsencrypt_apache/augeas_lens/README +++ b/letsencrypt-apache/letsencrypt_apache/augeas_lens/README @@ -1,2 +1,2 @@ Let's Encrypt includes the very latest Augeas lenses in order to ship bug fixes -to Apacche configuration handling bugs as quickly as possible +to Apache configuration handling bugs as quickly as possible From b4e0dfe5a8b71f004138ca8fdb7587e325569341 Mon Sep 17 00:00:00 2001 From: Seppe Stas Date: Fri, 4 Dec 2015 11:20:50 +0100 Subject: [PATCH 09/37] Fixed small typo --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index f25dc1956..d1f5d3428 100644 --- a/README.rst +++ b/README.rst @@ -27,7 +27,7 @@ If ``letsencrypt`` is packaged for your OS, you can install it from there, and run it by typing ``letsencrypt``. Because not all operating systems have packages yet, we provide a temporary solution via the ``letsencrypt-auto`` wrapper script, which obtains some dependencies from your OS and puts others -in an python virtual environment:: +in a python virtual environment:: user@webserver:~$ git clone https://github.com/letsencrypt/letsencrypt user@webserver:~$ cd letsencrypt From ffa4eebd900a3c5ed177933779a006d385a97151 Mon Sep 17 00:00:00 2001 From: Brandon Kraft Date: Fri, 4 Dec 2015 14:11:08 -0600 Subject: [PATCH 10/37] Correct typo in --register-unsafely-without-email --- letsencrypt/cli.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/cli.py b/letsencrypt/cli.py index 3652f828f..348818368 100644 --- a/letsencrypt/cli.py +++ b/letsencrypt/cli.py 
@@ -855,7 +855,7 @@ def prepare_and_parse_args(plugins, args): "email address. This is strongly discouraged, because in the " "event of key loss or account compromise you will irrevocably " "lose access to your account. You will also be unable to receive " - "notice about impending expiration of revocation of your " + "notice about impending expiration or revocation of your " "certificates. Updates to the Subscriber Agreement will still " "affect you, and will be effective 14 days after posting an " "update to the web site.") From df49c661247ca1f8adb235e654332dc3fbf92616 Mon Sep 17 00:00:00 2001 From: Travis Raines Date: Fri, 4 Dec 2015 22:22:32 -0800 Subject: [PATCH 11/37] Added a descriptive error if domain list includes a Unicode-encoded IDN --- letsencrypt/configuration.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/letsencrypt/configuration.py b/letsencrypt/configuration.py index a2a54d2d0..f2221bfcb 100644 --- a/letsencrypt/configuration.py +++ b/letsencrypt/configuration.py @@ -144,6 +144,15 @@ def _check_config_domain_sanity(domains): if any("xn--" in d for d in domains): raise errors.ConfigurationError( "Punycode domains are not supported") + + # Unicode + try: + for domain in domains: + domain.encode('ascii',errors='strict') + except UnicodeDecodeError: + raise errors.ConfigurationError( + "Internationalized domain names are not supported") + # FQDN checks from # http://www.mkyong.com/regular-expressions/domain-name-regular-expression-example/ # Characters used, domain parts < 63 chars, tld > 1 < 64 chars From 2f71b2c0bee4c2abd76f76cacd1a3cf2ac56c1e9 Mon Sep 17 00:00:00 2001 From: Travis Raines Date: Fri, 4 Dec 2015 22:44:17 -0800 Subject: [PATCH 12/37] fixing whitespace lint and version incompatibility at once! --- letsencrypt/configuration.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/configuration.py b/letsencrypt/configuration.py index f2221bfcb..69778f5f0 100644 --- a/letsencrypt/configuration.py 
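Review bot: The `except UnicodeDecodeError:` added to `_check_config_domain_sanity` in letsencrypt/configuration.py covers only one of the two errors `domain.encode('ascii')` can raise. This module is Python 2 (it imports `urlparse`), where a byte `str` holding non-ASCII bytes fails in the implicit decode with UnicodeDecodeError, but a `unicode` value fails with UnicodeEncodeError and would escape as a traceback instead of the intended ConfigurationError. Catching the shared parent, `except UnicodeError:`, handles both input types. The follow-up hunk in PATCH 12/37 rewrites the `encode` call but keeps the same `except` clause, so it needs the same change. The function body continues outside the hunk.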
+++ b/letsencrypt/configuration.py @@ -148,7 +148,7 @@ def _check_config_domain_sanity(domains): # Unicode try: for domain in domains: - domain.encode('ascii',errors='strict') + domain.encode('ascii') except UnicodeDecodeError: raise errors.ConfigurationError( "Internationalized domain names are not supported") From 753022d8e36f2794696a9fde17d3f535961fa3eb Mon Sep 17 00:00:00 2001 From: Gene Wood Date: Sat, 5 Dec 2015 11:02:14 -0800 Subject: [PATCH 13/37] Clarify error messages with acronym DV --- acme/acme/messages.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/acme/acme/messages.py b/acme/acme/messages.py index 0b9ea8105..0b73864ec 100644 --- a/acme/acme/messages.py +++ b/acme/acme/messages.py @@ -22,12 +22,14 @@ class Error(jose.JSONObjectWithFields, errors.Error): ('urn:acme:error:' + name, description) for name, description in ( ('badCSR', 'The CSR is unacceptable (e.g., due to a short key)'), ('badNonce', 'The client sent an unacceptable anti-replay nonce'), - ('connection', 'The server could not connect to the client for DV'), + ('connection', 'The server could not connect to the client to ' + 'verify the domain'), ('dnssec', 'The server could not validate a DNSSEC signed domain'), ('malformed', 'The request message was malformed'), ('rateLimited', 'There were too many requests of a given type'), ('serverInternal', 'The server experienced an internal error'), - ('tls', 'The server experienced a TLS error during DV'), + ('tls', 'The server experienced a TLS error during domain ' + 'verification'), ('unauthorized', 'The client lacks sufficient authorization'), ('unknownHost', 'The server could not resolve a domain name'), ) From 55097af38abe271521e791559bb24f3adbd56a80 Mon Sep 17 00:00:00 2001 From: Nelson Elhage Date: Sat, 5 Dec 2015 11:03:58 -0800 Subject: [PATCH 14/37] Document passing domains via config file. closes #1771 --- examples/cli.ini | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/examples/cli.ini b/examples/cli.ini index a20764ed8..c8678f89c 100644 --- a/examples/cli.ini +++ b/examples/cli.ini @@ -11,6 +11,10 @@ server = https://acme-staging.api.letsencrypt.org/directory # Uncomment and update to register with the specified e-mail address # email = foo@example.com +# Uncommon and update to generate certificates for the specified +# domains. +# domains = example.com, www.example.com + # Uncomment to use a text interface instead of ncurses # text = True From cb6ecea087e9a83a8bf5e4452c498f8cdb57f9e1 Mon Sep 17 00:00:00 2001 From: Nelson Elhage Date: Sat, 5 Dec 2015 11:35:54 -0800 Subject: [PATCH 15/37] Fix a typo in example config file. --- examples/cli.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/cli.ini b/examples/cli.ini index c8678f89c..6b6b05d7d 100644 --- a/examples/cli.ini +++ b/examples/cli.ini @@ -11,7 +11,7 @@ server = https://acme-staging.api.letsencrypt.org/directory # Uncomment and update to register with the specified e-mail address # email = foo@example.com -# Uncommon and update to generate certificates for the specified +# Uncomment and update to generate certificates for the specified # domains. # domains = example.com, www.example.com From f2a93e00ea023768592be25c62691cef74be8181 Mon Sep 17 00:00:00 2001 From: Devin Howard Date: Sun, 6 Dec 2015 18:20:11 +0800 Subject: [PATCH 16/37] Mention the --renew-by-default flag I was going crazy looking for this flag - I think it's worth a mention in the Renewal section --- docs/using.rst | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/using.rst b/docs/using.rst index b546e3005..6e15d2cf2 100644 --- a/docs/using.rst +++ b/docs/using.rst 
@@ -173,10 +173,11 @@ Renewal In order to renew certificates simply call the ``letsencrypt`` (or letsencrypt-auto_) again, and use the same values when prompted. You can automate it slightly by passing necessary flags on the CLI (see -`--help all`), or even further using the :ref:`config-file`. If you're -sure that UI doesn't prompt for any details you can add the command to -``crontab`` (make it less than every 90 days to avoid problems, say -every month). +`--help all`), or even further using the :ref:`config-file`. The +``--renew-by-default`` flag may be helpful for automating renewal. If +you're sure that UI doesn't prompt for any details you can add the +command to ``crontab`` (make it less than every 90 days to avoid +problems, say every month). Please note that the CA will send notification emails to the address you provide if you do not renew certificates that are about to expire. From f1a50b08fb86974e0f907453a498ab7526fce906 Mon Sep 17 00:00:00 2001 From: Sveder Date: Mon, 7 Dec 2015 02:02:47 +0200 Subject: [PATCH 17/37] Changed freenode to link straight to the web IRC page for the letsencrypt channel. --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index d1f5d3428..57908e90f 100644 --- a/README.rst +++ b/README.rst @@ -163,5 +163,5 @@ Current Features * Free and Open Source Software, made with Python. -.. _Freenode: https://freenode.net +.. _Freenode: https://webchat.freenode.net?channels=%23letsencrypt .. _client-dev: https://groups.google.com/a/letsencrypt.org/forum/#!forum/client-dev From 312669c64d1fc05716cd892d3579b0cf6b51d15b Mon Sep 17 00:00:00 2001 
From: Dominic Cleal Date: Mon, 7 Dec 2015 10:20:03 +0000 Subject: [PATCH 18/37] Merge Augeas lens fix for closing multiple sections on one line From https://github.com/hercules-team/augeas/commit/f44a7a55cc7162beced99659234eb078a8d20e1d Closes: #1693 --- letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug | 2 +- .../{failing => passing}/two-blocks-one-line-1693.conf | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename tests/apache-conf-files/{failing => passing}/two-blocks-one-line-1693.conf (100%) diff --git a/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug b/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug index 30d8ca501..dc30464a8 100644 --- a/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug +++ b/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug @@ -91,7 +91,7 @@ let section (body:lens) = indent . dels "" ">" . eol ] + [ indent . dels "<" . square kword inner dword . del />[ \t\n\r]*/ ">\n" ] let rec content = section (content|directive) diff --git a/tests/apache-conf-files/failing/two-blocks-one-line-1693.conf b/tests/apache-conf-files/passing/two-blocks-one-line-1693.conf similarity index 100% rename from tests/apache-conf-files/failing/two-blocks-one-line-1693.conf rename to tests/apache-conf-files/passing/two-blocks-one-line-1693.conf From 2d5d4a65c45ea379f847bcd9effd9c05a4b50556 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Mon, 7 Dec 2015 15:07:27 +0200 Subject: [PATCH 19/37] Moved domain check to le_util --- letsencrypt/configuration.py | 40 +++--------------------------------- letsencrypt/le_util.py | 34 ++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 37 deletions(-) diff --git a/letsencrypt/configuration.py b/letsencrypt/configuration.py index 69778f5f0..6de529981 100644 --- a/letsencrypt/configuration.py +++ b/letsencrypt/configuration.py 
@@ -8,6 +8,7 @@ import zope.interface from letsencrypt import constants from letsencrypt import errors from letsencrypt import interfaces +from letsencrypt import le_util class NamespaceConfig(object): @@ -123,40 +124,5 @@ def check_config_sanity(config): # Domain checks if config.namespace.domains is not None: - _check_config_domain_sanity(config.namespace.domains) - - -def _check_config_domain_sanity(domains): - """Helper method for check_config_sanity which validates - domain flag values and errors out if the requirements are not met. - - :param domains: List of domains - :type domains: `list` of `string` - :raises ConfigurationError: for invalid domains and cases where Let's - Encrypt currently will not issue certificates - - """ - # Check if there's a wildcard domain - if any(d.startswith("*.") for d in domains): - raise errors.ConfigurationError( - "Wildcard domains are not supported") - # Punycode - if any("xn--" in d for d in domains): - raise errors.ConfigurationError( - "Punycode domains are not supported") - - # Unicode - try: - for domain in domains: - domain.encode('ascii') - except UnicodeDecodeError: - raise errors.ConfigurationError( - "Internationalized domain names are not supported") - - # FQDN checks from - # http://www.mkyong.com/regular-expressions/domain-name-regular-expression-example/ - # Characters used, domain parts < 63 chars, tld > 1 < 64 chars - # first and last char is not "-" - fqdn = re.compile("^((?!-)[A-Za-z0-9-]{1,63}(? 1 < 64 chars + # first and last char is not "-" + fqdn = re.compile("^((?!-)[A-Za-z0-9-]{1,63}(? Date: Mon, 7 Dec 2015 15:37:09 +0200 Subject: [PATCH 20/37] Added domain checks for apache installer --- letsencrypt-apache/letsencrypt_apache/configurator.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index 98b0b8820..50e5ed6be 100644 
--- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py @@ -369,7 +369,13 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): vhost_macro = [] for vhost in self.vhosts: - all_names.update(vhost.get_names()) + # Check domains for validity + for name in vhost.get_names(): + try: + le_util.check_domain_sanity(name) + all_names.add(name) + except errors.ConfigurationError: + pass if vhost.modmacro: vhost_macro.append(vhost.filep) From 82f71cba9ba0df6f639c996a64dcd4e5122a39a6 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Mon, 7 Dec 2015 16:02:27 +0200 Subject: [PATCH 21/37] Linter fixes --- letsencrypt/configuration.py | 1 - letsencrypt/le_util.py | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/letsencrypt/configuration.py b/letsencrypt/configuration.py index 6de529981..afd5edbe4 100644 --- a/letsencrypt/configuration.py +++ b/letsencrypt/configuration.py @@ -1,7 +1,6 @@ """Let's Encrypt user-supplied configuration.""" import os import urlparse -import re import zope.interface diff --git a/letsencrypt/le_util.py b/letsencrypt/le_util.py index 97f983ea2..e5e252871 100644 --- a/letsencrypt/le_util.py +++ b/letsencrypt/le_util.py @@ -313,4 +313,4 @@ def check_domain_sanity(domain): # first and last char is not "-" fqdn = re.compile("^((?!-)[A-Za-z0-9-]{1,63}(? Date: Mon, 7 Dec 2015 16:05:53 +0200 Subject: [PATCH 22/37] Corrected tests to reflect the removal of wildcard domains etc. --- .../letsencrypt_apache/tests/configurator_test.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py index fcccfaae2..986b060f5 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py 
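Review bot: The `except errors.ConfigurationError: pass` added to the vhost loop in ApacheConfigurator (configurator.py, hunk at -369) discards rejected names without a trace, so an operator cannot tell why a ServerName or ServerAlias was never offered for a certificate. Bind the exception with `except errors.ConfigurationError as error:` and emit a debug log line naming `name` and `error`; whether this module already has a `logger` is not visible in the hunk. Moving `all_names.add(name)` into an `else:` branch would also keep the `try` limited to the validity check. `get_valid_domains` in letsencrypt/display/ops.py (PATCH 24/37) has the same silent `continue`. The enclosing method starts and ends outside the hunk.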
@@ -64,7 +64,7 @@ class TwoVhost80Test(util.ApacheTest): mock_getutility.notification = mock.MagicMock(return_value=True) names = self.config.get_all_names() self.assertEqual(names, set( - ["letsencrypt.demo", "encryption-example.demo", "ip-172-30-0-17"])) + ["letsencrypt.demo", "encryption-example.demo"])) @mock.patch("zope.component.getUtility") @mock.patch("letsencrypt_apache.configurator.socket.gethostbyaddr") @@ -82,7 +82,7 @@ class TwoVhost80Test(util.ApacheTest): self.config.vhosts.append(vhost) names = self.config.get_all_names() - self.assertEqual(len(names), 5) + self.assertEqual(len(names), 4) self.assertTrue("zombo.com" in names) self.assertTrue("google.com" in names) self.assertTrue("letsencrypt.demo" in names) @@ -90,10 +90,17 @@ class TwoVhost80Test(util.ApacheTest): def test_add_servernames_alias(self): self.config.parser.add_dir( self.vh_truth[2].path, "ServerAlias", ["*.le.co"]) + self.config.parser.add_dir( + self.vh_truth[0].path, "ServerAlias", ["working.example.com"]) + self.config._add_servernames(self.vh_truth[2]) # pylint: disable=protected-access + self.config._add_servernames(self.vh_truth[0]) # pylint: disable=protected-access self.assertEqual( self.vh_truth[2].get_names(), set(["*.le.co", "ip-172-30-0-17"])) + self.assertEqual( + self.vh_truth[0].get_names(), set(["working.example.com", + "encryption-example.demo"])) def test_get_virtual_hosts(self): """Make sure all vhosts are being properly found. From d81620ccdd0e1eb3a07f3a2013bb8108e336d56b Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Tue, 8 Dec 2015 02:49:59 +0100 Subject: [PATCH 23/37] _rpm_common.sh: minor typo --- bootstrap/_rpm_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap/_rpm_common.sh b/bootstrap/_rpm_common.sh index b975da444..411d7bd92 100755 --- a/bootstrap/_rpm_common.sh +++ b/bootstrap/_rpm_common.sh 
@@ -2,7 +2,7 @@ # Tested with: # - Fedora 22, 23 (x64) -# - Centos 7 (x64: onD igitalOcean droplet) +# - Centos 7 (x64: on DigitalOcean droplet) if type dnf 2>/dev/null then From 51a5d7ceb085ac03593adafc63bfb6357d96eb34 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Tue, 8 Dec 2015 09:05:11 +0200 Subject: [PATCH 24/37] Move validation code to main client --- letsencrypt/display/ops.py | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/letsencrypt/display/ops.py b/letsencrypt/display/ops.py index 038ad6fdc..ca9c8c126 100644 --- a/letsencrypt/display/ops.py +++ b/letsencrypt/display/ops.py @@ -186,7 +186,8 @@ def choose_names(installer): logger.debug("No installer, picking names manually") return _choose_names_manually() - names = list(installer.get_all_names()) + domains = list(installer.get_all_names()) + names = get_valid_domains(domains) if not names: manual = util(interfaces.IDisplay).yesno( @@ -207,6 +208,22 @@ def choose_names(installer): else: return [] +def get_valid_domains(self, domains): + """Helper method for choose_names that implements basic checks + on domain names + + :param list domains: Domain names to validate + :return: List of valid domains + :rtype: list + """ + valid_domains = [] + for domain in domains: + try: + le_util.check_domain_sanity(domain) + valid_domains.append(domain) + except errors.ConfigurationError: + continue + return valid_domains def _filter_names(names): """Determine which names the user would like to select from a list. From d8b83bc478ac3ff875a604ce315c16c593e36170 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Tue, 8 Dec 2015 09:05:33 +0200 Subject: [PATCH 25/37] Revert "Corrected tests to reflect the removal of wildcard domains etc." This reverts commit 53a4d0725dbf0c5f728094dc318f491c9478effd. --- .../letsencrypt_apache/tests/configurator_test.py | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) 
diff --git a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py index 986b060f5..fcccfaae2 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py @@ -64,7 +64,7 @@ class TwoVhost80Test(util.ApacheTest): mock_getutility.notification = mock.MagicMock(return_value=True) names = self.config.get_all_names() self.assertEqual(names, set( - ["letsencrypt.demo", "encryption-example.demo"])) + ["letsencrypt.demo", "encryption-example.demo", "ip-172-30-0-17"])) @mock.patch("zope.component.getUtility") @mock.patch("letsencrypt_apache.configurator.socket.gethostbyaddr") @@ -82,7 +82,7 @@ class TwoVhost80Test(util.ApacheTest): self.config.vhosts.append(vhost) names = self.config.get_all_names() - self.assertEqual(len(names), 4) + self.assertEqual(len(names), 5) self.assertTrue("zombo.com" in names) self.assertTrue("google.com" in names) self.assertTrue("letsencrypt.demo" in names) @@ -90,17 +90,10 @@ class TwoVhost80Test(util.ApacheTest): def test_add_servernames_alias(self): self.config.parser.add_dir( self.vh_truth[2].path, "ServerAlias", ["*.le.co"]) - self.config.parser.add_dir( - self.vh_truth[0].path, "ServerAlias", ["working.example.com"]) - self.config._add_servernames(self.vh_truth[2]) # pylint: disable=protected-access - self.config._add_servernames(self.vh_truth[0]) # pylint: disable=protected-access self.assertEqual( self.vh_truth[2].get_names(), set(["*.le.co", "ip-172-30-0-17"])) - self.assertEqual( - self.vh_truth[0].get_names(), set(["working.example.com", - "encryption-example.demo"])) def test_get_virtual_hosts(self): """Make sure all vhosts are being properly found. From e891624cb1159c498167fa76c8225c3176fcf4b4 Mon Sep 17 00:00:00 2001 
From: Joona Hoikkala Date: Tue, 8 Dec 2015 09:07:17 +0200 Subject: [PATCH 26/37] Revert "Added domain checks for apache installer" This reverts commit 5dcd5088273dcf4dcb402bcd8a69a655d29fa383. --- letsencrypt-apache/letsencrypt_apache/configurator.py | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index 50e5ed6be..98b0b8820 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py @@ -369,13 +369,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): vhost_macro = [] for vhost in self.vhosts: - # Check domains for validity - for name in vhost.get_names(): - try: - le_util.check_domain_sanity(name) - all_names.add(name) - except errors.ConfigurationError: - pass + all_names.update(vhost.get_names()) if vhost.modmacro: vhost_macro.append(vhost.filep) From 3c1c3c3e8dbf6b0ae7e50032c76a25a4fba7f992 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Tue, 8 Dec 2015 09:31:47 +0200 Subject: [PATCH 27/37] Import and non-classmethod fix --- letsencrypt/display/ops.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/letsencrypt/display/ops.py b/letsencrypt/display/ops.py index ca9c8c126..941a0a114 100644 --- a/letsencrypt/display/ops.py +++ b/letsencrypt/display/ops.py @@ -4,6 +4,7 @@ import os import zope.component +from letsencrypt import errors from letsencrypt import interfaces from letsencrypt import le_util from letsencrypt.display import util as display_util @@ -208,7 +209,7 @@ def choose_names(installer): else: return [] -def get_valid_domains(self, domains): +def get_valid_domains(domains): """Helper method for choose_names that implements basic checks on domain names From 0fb4f7dc8bde20afc6746b14438aa65c356eff07 Mon Sep 17 00:00:00 2001 
From: Joona Hoikkala Date: Tue, 8 Dec 2015 09:32:02 +0200 Subject: [PATCH 28/37] Tests for domain validation --- letsencrypt/tests/display/ops_test.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/letsencrypt/tests/display/ops_test.py b/letsencrypt/tests/display/ops_test.py index b0b905c33..60874a007 100644 --- a/letsencrypt/tests/display/ops_test.py +++ b/letsencrypt/tests/display/ops_test.py @@ -385,7 +385,17 @@ class ChooseNamesTest(unittest.TestCase): self.assertEqual(self._call(self.mock_install), []) + def test_get_valid_domains(self): + from letsencrypt.display_ops import get_valid_domains + all_valid = ["example.com", "second.example.com", + "also.example.com"] + all_invalid = ["xn--ls8h.tld", "*.wildcard.com", "notFQDN"] + two_valid = ["example.com", "xn--ls8h.tld", "also.example.com"] + self.assertEqual(get_valid_domains(all_valid), all_valid) + self.assertEqual(get_valid_domains(all_invalid), []) + self.assertEqual(len(get_valid_domains(two_valid)), 2) + class SuccessInstallationTest(unittest.TestCase): # pylint: disable=too-few-public-methods """Test the success installation message.""" From 5c8b493eda2e5fa707ed6299d2ee932e7921a467 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Tue, 8 Dec 2015 09:54:56 +0200 Subject: [PATCH 29/37] Whitespace and dot fix --- letsencrypt/tests/display/ops_test.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/letsencrypt/tests/display/ops_test.py b/letsencrypt/tests/display/ops_test.py index 60874a007..5958b37a1 100644 --- a/letsencrypt/tests/display/ops_test.py +++ b/letsencrypt/tests/display/ops_test.py 
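Review bot: `test_get_valid_domains` checks the mixed list only by count, `self.assertEqual(len(get_valid_domains(two_valid)), 2)`, which would still pass if the filter kept the punycode entry and dropped one of the valid names. Pin the exact result instead: `self.assertEqual(get_valid_domains(two_valid), ["example.com", "also.example.com"])`. That also fixes the expectation that input order is preserved.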
@@ -386,7 +386,7 @@ class ChooseNamesTest(unittest.TestCase): self.assertEqual(self._call(self.mock_install), []) def test_get_valid_domains(self): - from letsencrypt.display_ops import get_valid_domains + from letsencrypt.display.ops import get_valid_domains all_valid = ["example.com", "second.example.com", "also.example.com"] all_invalid = ["xn--ls8h.tld", "*.wildcard.com", "notFQDN"] @@ -395,7 +395,7 @@ class ChooseNamesTest(unittest.TestCase): self.assertEqual(get_valid_domains(all_invalid), []) self.assertEqual(len(get_valid_domains(two_valid)), 2) - + class SuccessInstallationTest(unittest.TestCase): # pylint: disable=too-few-public-methods """Test the success installation message.""" From f479497d6c7ab44d3b34dc800bf583e46634dcf7 Mon Sep 17 00:00:00 2001 From: Dominic Cleal Date: Mon, 7 Dec 2015 10:53:15 +0000 Subject: [PATCH 30/37] Add failing test from ticket #1766 Augeas fails to parse the wordlist (args inside braces) in the SSLRequire directive. --- tests/apache-conf-files/failing/sslrequire-wordlist.conf | 1 + 1 file changed, 1 insertion(+) create mode 100644 tests/apache-conf-files/failing/sslrequire-wordlist.conf diff --git a/tests/apache-conf-files/failing/sslrequire-wordlist.conf b/tests/apache-conf-files/failing/sslrequire-wordlist.conf new file mode 100644 index 000000000..1c06d5497 --- /dev/null +++ b/tests/apache-conf-files/failing/sslrequire-wordlist.conf @@ -0,0 +1 @@ +SSLRequire %{SSL_CLIENT_S_DN_CN} in {"foo@bar.com", "bar@foo.com"} From d7616461676d145ed361588499f1b0c96739ed4a Mon Sep 17 00:00:00 2001 
From: Dominic Cleal Date: Tue, 8 Dec 2015 08:04:10 +0000 Subject: [PATCH 31/37] Merge Augeas lens fix for SSLRequire wordlists From https://github.com/hercules-team/augeas/commit/f86a28d03a5c42a6c58293667a95d7794e30a42f Closes: #1766 --- .../letsencrypt_apache/augeas_lens/httpd.aug | 14 ++++++++++++-- .../{failing => passing}/sslrequire-wordlist.conf | 0 2 files changed, 12 insertions(+), 2 deletions(-) rename tests/apache-conf-files/{failing => passing}/sslrequire-wordlist.conf (100%) diff --git a/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug b/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug index 83d97f7a4..f54f9fbaa 100644 --- a/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug +++ b/letsencrypt-apache/letsencrypt_apache/augeas_lens/httpd.aug @@ -59,8 +59,10 @@ let empty = Util.empty_dos let indent = Util.indent (* borrowed from shellvars.aug *) -let char_arg_dir = /([^\\ '"\t\r\n]|[^ '"\t\r\n]+[^\\ '"\t\r\n])|\\\\"|\\\\'/ +let char_arg_dir = /([^\\ '"{\t\r\n]|[^ '"{\t\r\n]+[^\\ '"\t\r\n])|\\\\"|\\\\'/ let char_arg_sec = /[^ '"\t\r\n>]|\\\\"|\\\\'/ +let char_arg_wl = /([^\\ '"},\t\r\n]|[^ '"},\t\r\n]+[^\\ '"},\t\r\n])/ + let cdot = /\\\\./ let cl = /\\\\\n/ let dquot = @@ -77,11 +79,19 @@ let comp = /[<>=]?=/ let arg_dir = [ label "arg" . store (char_arg_dir+|dquot|squot) ] let arg_sec = [ label "arg" . store (char_arg_sec+|comp|dquot|squot) ] +let arg_wl = [ label "arg" . store (char_arg_wl+|dquot|squot) ] + +(* comma-separated wordlist as permitted in the SSLRequire directive *) +let arg_wordlist = + let wl_start = Util.del_str "{" in + let wl_end = Util.del_str "}" in + let wl_sep = del /[ \t]*,[ \t]*/ ", " + in [ label "wordlist" . wl_start . arg_wl . (wl_sep . arg_wl)* . wl_end ] let argv (l:lens) = l . (sep_spc . l)* let directive = [ indent . label "directive" . store word . - (sep_spc . argv arg_dir)? . eol ] + (sep_spc . argv (arg_dir|arg_wordlist))? . eol ] let section (body:lens) = (* opt_eol includes empty lines *) 
diff --git a/tests/apache-conf-files/failing/sslrequire-wordlist.conf b/tests/apache-conf-files/passing/sslrequire-wordlist.conf similarity index 100% rename from tests/apache-conf-files/failing/sslrequire-wordlist.conf rename to tests/apache-conf-files/passing/sslrequire-wordlist.conf From 0cb80bf7534660d3df30bc12d4b8350e4468dd24 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Tue, 8 Dec 2015 14:23:46 +0200 Subject: [PATCH 32/37] Better test coverage --- letsencrypt/tests/display/ops_test.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/letsencrypt/tests/display/ops_test.py b/letsencrypt/tests/display/ops_test.py index 5958b37a1..30183b955 100644 --- a/letsencrypt/tests/display/ops_test.py +++ b/letsencrypt/tests/display/ops_test.py @@ -1,3 +1,4 @@ +# coding=utf-8 """Test letsencrypt.display.ops.""" import os import sys @@ -389,7 +390,8 @@ class ChooseNamesTest(unittest.TestCase): from letsencrypt.display.ops import get_valid_domains all_valid = ["example.com", "second.example.com", "also.example.com"] - all_invalid = ["xn--ls8h.tld", "*.wildcard.com", "notFQDN"] + all_invalid = ["xn--ls8h.tld", "*.wildcard.com", "notFQDN", + "uniçodé.com"] two_valid = ["example.com", "xn--ls8h.tld", "also.example.com"] self.assertEqual(get_valid_domains(all_valid), all_valid) self.assertEqual(get_valid_domains(all_invalid), []) From 62ea74b9e4a66afedcf4625667e082497b719eea Mon Sep 17 00:00:00 2001 From: Ingolf Becker Date: Tue, 8 Dec 2015 13:22:52 +0000 Subject: [PATCH 33/37] Modify apache plugin to work on setups where apache listens to a specific ip --- .../letsencrypt_apache/configurator.py | 50 +++++++++++++------ .../tests/configurator_test.py | 33 ++++++++++++ 2 files changed, 69 insertions(+), 14 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index 98b0b8820..76045bee1 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py 
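Review bot: The `"uniçodé.com"` entry added to `all_invalid` in PATCH 32 is a byte-string literal, so it covers only one of the two ways non-ASCII input can reach the validator. The context lines of the le_util.py hunk in PATCH 35 show `check_domain_sanity` calling `domain.encode('ascii')` and catching only `UnicodeDecodeError`. On Python 2, which the added `# coding=utf-8` line suggests, a `unicode` value with the same characters raises `UnicodeEncodeError` instead and would not be turned into `ConfigurationError`. Consider adding `u"uniçodé.com"` to `all_invalid` and widening the handler to `except UnicodeError:`. Whether `get_valid_domains` would otherwise let that exception propagate is not visible here.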
+++ b/letsencrypt-apache/letsencrypt_apache/configurator.py 
@@ -545,21 +545,43 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): # Check for Listen # Note: This could be made to also look for ip:443 combo - if not self.parser.find_dir("Listen", port): - logger.debug("No Listen %s directive found. Setting the " - "Apache Server to Listen on port %s", port, port) - - if port == "443": - args = [port] + listens = [self.parser.get_arg(x).split()[0] for x in self.parser.find_dir("Listen")] + # In case no Listens are set (which really is a broken apache config) + if not listens: + listens = ["80"] + for listen in listens: + # For any listen statement, check if the machine also listens on Port 443. + # If not, add such a listen statement. + if len(listen.split(":")) == 1: + # Its listening to all interfaces + if port not in listens: + if port == "443": + args = [port] + else: + # Non-standard ports should specify https protocol + args = [port, "https"] + self.parser.add_dir_to_ifmodssl( + parser.get_aug_path( + self.parser.loc["listen"]), "Listen", args) + self.save_notes += "Added Listen %s directive to %s\n" % ( + port, self.parser.loc["listen"]) + listens.append(port) else: - # Non-standard ports should specify https protocol - args = [port, "https"] - - self.parser.add_dir_to_ifmodssl( - parser.get_aug_path( - self.parser.loc["listen"]), "Listen", args) - self.save_notes += "Added Listen %s directive to %s\n" % ( - port, self.parser.loc["listen"]) + # The Listen statement specifies an ip + _, ip = listen[::-1].split(":", 1) + ip = ip[::-1] + if "%s:%s" %(ip, port) not in listens: + if port == "443": + args = ["%s:%s" %(ip, port)] + else: + # Non-standard ports should specify https protocol + args = ["%s:%s" %(ip, port), "https"] + self.parser.add_dir_to_ifmodssl( + parser.get_aug_path( + self.parser.loc["listen"]), "Listen", args) + self.save_notes += "Added Listen %s:%s directive to %s\n" % ( + ip, port, self.parser.loc["listen"]) + listens.append("%s:%s" %(ip, port)) def make_addrs_sni_ready(self, addrs): 
"""Checks to see if the server is ready for SNI challenges. diff --git a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py index fcccfaae2..991704144 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py @@ -391,6 +391,39 @@ class TwoVhost80Test(util.ApacheTest): self.assertEqual(mock_add_dir.call_count, 2) + def test_prepare_server_https_named_listen(self): + mock_find = mock.Mock() + mock_find.return_value = ["test1", "test2", "test3"] + mock_get = mock.Mock() + mock_get.side_effect = ["1.2.3.4:80", "[::1]:80", "1.1.1.1:443"] + mock_add_dir = mock.Mock() + mock_enable = mock.Mock() + + self.config.parser.find_dir = mock_find + self.config.parser.get_arg = mock_get + self.config.parser.add_dir_to_ifmodssl = mock_add_dir + self.config.enable_mod = mock_enable + + # Test Listen statements with specific ip listeed + self.config.prepare_server_https("443") + # Should only be 2 here, as the third interface already listens to the correct port + self.assertEqual(mock_add_dir.call_count, 2) + + # Check argument to new Listen statements + self.assertEqual(mock_add_dir.call_args_list[0][0][2], ["1.2.3.4:443"]) + self.assertEqual(mock_add_dir.call_args_list[1][0][2], ["[::1]:443"]) + + # Reset return lists and inputs + mock_add_dir.reset_mock() + mock_get.side_effect = ["1.2.3.4:80", "[::1]:80", "1.1.1.1:443"] + + # Test + self.config.prepare_server_https("8080", temp=True) + self.assertEqual(mock_add_dir.call_count, 3) + self.assertEqual(mock_add_dir.call_args_list[0][0][2], ["1.2.3.4:8080", "https"]) + self.assertEqual(mock_add_dir.call_args_list[1][0][2], ["[::1]:8080", "https"]) + self.assertEqual(mock_add_dir.call_args_list[2][0][2], ["1.1.1.1:8080", "https"]) + def test_make_vhost_ssl(self): ssl_vhost = self.config.make_vhost_ssl(self.vh_truth[0]) 
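Review bot: The new loop in `prepare_server_https` (PATCH 33, reformatted in PATCH 34) handles bare-port and `ip:port` Listen entries independently, so a configuration that mixes them, for example `Listen 80` with `Listen 1.2.3.4:8080`, gets both `Listen 443` and `Listen 1.2.3.4:443` added. Apache generally fails to bind when a wildcard and an address-specific Listen overlap on the same port, so the address branch should be skipped once the bare port is present: `if port not in listens and "%s:%s" % (ip, port) not in listens:`. The wildcard entries should also be handled first so the result does not depend on directive order. The loop appends to `listens` while iterating over it, and `ip = listen.rsplit(":", 1)[0]` would replace the double reversal. The added test `test_prepare_server_https_named_listen` uses only address-specific entries, so the mixed case is untested; the method body starts outside the hunk.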
From bbd6534744c7c8d91a1be0836c6e069a16eab71b Mon Sep 17 00:00:00 2001 From: Ingolf Becker Date: Tue, 8 Dec 2015 17:56:16 +0000 Subject: [PATCH 34/37] Fixed some pep8 formatting --- .../letsencrypt_apache/configurator.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index 76045bee1..1d39e7fdf 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py @@ -120,7 +120,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): self.version = version self.vhosts = None self._enhance_func = {"redirect": self._enable_redirect, - "ensure-http-header": self._set_http_header} + "ensure-http-header": self._set_http_header} @property def mod_ssl_conf(self): @@ -570,18 +570,18 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): # The Listen statement specifies an ip _, ip = listen[::-1].split(":", 1) ip = ip[::-1] - if "%s:%s" %(ip, port) not in listens: + if "%s:%s" % (ip, port) not in listens: if port == "443": - args = ["%s:%s" %(ip, port)] + args = ["%s:%s" % (ip, port)] else: # Non-standard ports should specify https protocol - args = ["%s:%s" %(ip, port), "https"] + args = ["%s:%s" % (ip, port), "https"] self.parser.add_dir_to_ifmodssl( parser.get_aug_path( self.parser.loc["listen"]), "Listen", args) self.save_notes += "Added Listen %s:%s directive to %s\n" % ( - ip, port, self.parser.loc["listen"]) - listens.append("%s:%s" %(ip, port)) + ip, port, self.parser.loc["listen"]) + listens.append("%s:%s" % (ip, port)) def make_addrs_sni_ready(self, addrs): """Checks to see if the server is ready for SNI challenges. From 006edfdbd1953183d09d8624aeb13bba8e07babe Mon Sep 17 00:00:00 2001 
From: Joona Hoikkala Date: Tue, 8 Dec 2015 21:08:30 +0200 Subject: [PATCH 35/37] Wording change to error messages --- letsencrypt/le_util.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/letsencrypt/le_util.py b/letsencrypt/le_util.py index e5e252871..7c7f0b7f7 100644 --- a/letsencrypt/le_util.py +++ b/letsencrypt/le_util.py @@ -294,18 +294,18 @@ def check_domain_sanity(domain): # Check if there's a wildcard domain if domain.startswith("*."): raise errors.ConfigurationError( - "Wildcard domains are not supported") + "Wildcard domains are not presently supported") # Punycode if "xn--" in domain: raise errors.ConfigurationError( - "Punycode domains are not supported") + "Punycode domains are not presently supported") # Unicode try: domain.encode('ascii') except UnicodeDecodeError: raise errors.ConfigurationError( - "Internationalized domain names are not supported") + "Internationalized domain names are not presently supported") # FQDN checks from # http://www.mkyong.com/regular-expressions/domain-name-regular-expression-example/ From 05723cbb4afb275ffd27e090b7801ea6d42ef5cf Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Tue, 8 Dec 2015 21:28:23 +0200 Subject: [PATCH 36/37] Fixed wording --- letsencrypt/le_util.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/le_util.py b/letsencrypt/le_util.py index 7c7f0b7f7..fe63c70af 100644 --- a/letsencrypt/le_util.py +++ b/letsencrypt/le_util.py @@ -294,7 +294,7 @@ def check_domain_sanity(domain): # Check if there's a wildcard domain if domain.startswith("*."): raise errors.ConfigurationError( - "Wildcard domains are not presently supported") + "Wildcard domains are not supported") # Punycode if "xn--" in domain: raise errors.ConfigurationError( From 80901a52d8fe198467b0fb9ec9e65c7a8ae59e9c Mon Sep 17 00:00:00 2001 
From: Remi Rampin Date: Wed, 9 Dec 2015 12:26:23 -0500 Subject: [PATCH 37/37] Fix help string for --apache-dismod --- letsencrypt-apache/letsencrypt_apache/configurator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index 1d39e7fdf..0b40a7e38 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py @@ -93,7 +93,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): add("enmod", default=constants.CLI_DEFAULTS["enmod"], help="Path to the Apache 'a2enmod' binary.") add("dismod", default=constants.CLI_DEFAULTS["dismod"], - help="Path to the Apache 'a2enmod' binary.") + help="Path to the Apache 'a2dismod' binary.") add("le-vhost-ext", default=constants.CLI_DEFAULTS["le_vhost_ext"], help="SSL vhost configuration extension.") add("server-root", default=constants.CLI_DEFAULTS["server_root"],