Fixes#4535
Extracts the relevant fields using a regex. We considered catching
specific exception types, and referencing their fields, but the types
raised by `requests` are not well documented and may not be long
term stable. If the regex fails to match, for instance due to a change
in the exception message, the new exception message will just be
passed through.
* Hide exceptions that occur during session.close()
This fixes#4840. Exceptions that are raised out of __del__ methods are caught
and printed to stderr. By catching any exceptions that occur, we now prevent
this from happening.
Alternative solutions to this would have been either not calling
session.close() at all or adding a close() method to acme.client.ClientNetwork,
acme.client.Client, and certbot.client.Client and using certbot.client.Client
in a context manager to ensure close() is called. The former means that users
of the ACME library never properly close their connections until their program
exits and the latter adds a lot of complexity and nesting of client code for
little benefit.
* Only catch Exceptions
* Pin oldest version of packaged python deps
* Install security extras in oldest tests
* Revert "bump requests requirement to >=2.10 (#4248)"
This reverts commit 402ad8b353.
* Use create=True when patching open on module
* add TLSSNI01DualNetworkedServers
* use DualNetworkedServers in certbot/plugins/standalone.py
also, make both servers run on the same port.
* make probe_sni connect on ipv6 and ipv4 using None
* mimic BSD-like conditions to get test coverage
* test ServerManager taking into account BSD systems
* pass tests even if python is compiled without ipv6 support
* Add an account deactivate utility script.
This is handy if you created an account with a tool other than Certbot, and want
to deactivate the account.
* Move deactivate.py to tools.
* Add test for ConflictError.
* Fix lint error.
* Document how to set server.
* Move 'jwk' and 'alg' fields to protected header.
Previously, these were in the unprotected JWS header, which Boulder currently
allows. However, the next version of the spec doesn't allow anything in the
unprotected header. Moving these fields now allows server implementers who are
implementing the Certbot/Boulder version of ACME
(https://github.com/letsencrypt/boulder/blob/master/docs/acme-divergences.md) to
use JOSE libraries that don't support unprotected headers.
Fixes#4417.
* Only protect existing headers.
* Mention python 3 support in setup.py
* Build universal (py2 and py3 compatible) wheels
* Mention Python 3.3+ support in docs
* we work on python 3.6 too
* Add url and kid to jws.
This will be required in order to implement the latest ACME spec, which uses
these protected header fields.
* Add comments and fix lint.
* Enforce mutual exclusivity of jwk and kid.
If the updated datetime collides, the comparator of heapq will move
onto the AuthorizationResource value and throws an "unorderable type"
error.
This adds an index value to the element tuple to ensure that they are
always strictly ordered.
It's relatively finicky to make a CSR appropriate to pass to poll_and_request_issuance. I think most users want to be able to give a list of domains and a private key, and get back a CSR. This branch adds that functionality to crypto_util.
Note that the two new functions take arguments, and return values, as PEM-encoded buffers. This is a departure from some existing ACME interfaces that take PyOpenSSL types. I've discussed with the Certbot team, and we agree that this is broadly the direction the ACME API should take, so that users of the module don't need to import PyOpenSSL themselves, or use its primitives.
* Add make_csr.
* accept privkey
* Tweak API.
* Remove make_csr from certbot package.
* Skip test in older Pythons.
* Move get_Extensions call under protection.
* Remove assertIn because not backwards-compatible.
* Fix encoding, and use PEM.
* Fix test
* Fix tests on py35.
* Fix error in test.
* Make import_csr_file always return PEM.
Also delete get_sans_from_csr (unused) and get_names_from_csr (newly unused).
* Fix function doc.
* Fix indent
* Fix call of obtain_certificate_from_Csr
* lint
* Handle review feedback.
* Fix test.
* Initial configuration of mypy in box, correction of base mypy errors.
* Move mypy install to toe
* Add pylint comments for typing imports.
* Remove typing module for Python 2.6 compatibility.
