upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-06-07 15:52:08 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
9702 commits 876 branches 156 tags 129 MiB
Commit graph

405 commits

Author SHA1 Message Date
Erica Portnoy
13cc101e1e test last warning case for coverage 2020-03-20 16:49:27 -07:00
Erica Portnoy
92ea6cb049 Make sure we're not throwing away any unwritten changes to the config 2020-03-20 16:20:31 -07:00
Erica Portnoy
3f6f267b2f Reduce warnings while testing by setting mock _openssl_version. 2020-03-20 16:18:55 -07:00
Erica Portnoy
04a64ed451 Add boolean so we don't warn on debian/ubuntu before trying to enable mod_ssl 2020-03-20 16:06:42 -07:00
Erica Portnoy
bc060c997e Call augeas load before reparsing modules to pick up the changes 2020-03-19 17:37:24 -07:00
Erica Portnoy
9fceeec18d Revert test file to status in master. 2020-03-19 15:35:41 -07:00
Erica Portnoy
27af2de356 put </IfModule> on its own line in test case 2020-03-18 16:34:03 -07:00
Erica Portnoy
a03ebb35cf add debug, remove space 2020-03-17 15:19:29 -07:00
Erica Portnoy
34691fe558 patch builtins open 2020-03-12 15:25:08 -07:00
Erica Portnoy
c46ec17a0f string does need to be a literal 2020-03-12 14:16:40 -07:00
Erica Portnoy
7b1f6d483c Use byte literals in a python 2 and 3 compatible way 2020-03-12 12:47:58 -07:00
Erica Portnoy
ff26c3e623 add coverage and lint 2020-03-11 17:36:52 -07:00
Erica Portnoy
01177bf315 use byte regex instead of decoding entire binary 2020-03-11 17:36:35 -07:00
Erica Portnoy
05aa136d47 normalize ssl_module_location path to account for being relative to server root 2020-03-11 17:15:46 -07:00
Erica Portnoy
ed66b891fa read file as bytes, and factor out the open for testing 2020-03-11 16:45:29 -07:00
Erica Portnoy
f8bce99d44 Improve tests with recommended changes 2020-03-11 15:48:42 -07:00
Erica Portnoy
01c851be1c update tests for new warnings 2020-03-11 13:16:49 -07:00
Erica Portnoy
9ab344b31e warn thoroughly and consistently in openssl_version function 2020-03-11 13:09:31 -07:00
Erica Portnoy
b1822aff6c remove now-unnecessary include and pylint disable 2020-03-11 13:02:48 -07:00
Erica Portnoy
5fc288d29c Merge branch 'master' into apache-session-tix 2020-03-11 12:59:07 -07:00
Brad Warren
144d4f2b44 Bump version to 1.4.0 2020-03-03 12:43:04 -08:00
Brad Warren
6edb4e1a39
Release 1.3.0 2020-03-03 12:43:02 -08:00
m0namon
f169c37153
Merge pull request #7742 from osirisinferi/force-non-restrictive-umask 
Force non restrictive umask when creating challenge directory in Apache plugin
 2020-02-26 17:09:20 -08:00
osirisinferi
9819443440
Add test 2020-02-22 15:22:27 +01:00
Brad Warren
42dda355c5
Correct AutoHSTS docs (#7767) 
domains is a list of strings, not a single string.

* Correct AutoHSTS docs.

* Fix Apache enable_autohsts docs.
 2020-02-18 14:54:07 -08:00
Erica Portnoy
d46b561930 Sometimes the dict location will be None in which case we should in fact return None 2020-02-14 14:48:59 -08:00
Erica Portnoy
2864de6185 Switch from property to method for openssl and add tests for coverage. 2020-02-14 14:28:48 -08:00
Erica Portnoy
707511006c Remove subprocess import and reference in test 2020-02-14 13:58:34 -08:00
Erica Portnoy
8858c67ef3 Remove one more implementation assumption from our tests 2020-02-14 13:03:15 -08:00
Erica Portnoy
36fbd2e449 Add mocks to tests 2020-02-14 12:57:56 -08:00
Erica Portnoy
84e067dac9 Clean up more apache tests 2020-02-13 18:42:57 -08:00
Erica Portnoy
f10059d2c6 Merge branch 'master' into apache-session-tix 2020-02-13 18:23:59 -08:00
Erica Portnoy
19396380a1 Reformat remaining apache tests with modules dict syntax 2020-02-13 18:19:08 -08:00
Erica Portnoy
1949953289 Remove extraneous imports 2020-02-13 18:15:43 -08:00
Erica Portnoy
524dc16075 Remove extraneous ability to pass in openssl version, and install ssl options conf again after enabling ssl module 2020-02-13 18:13:32 -08:00
Erica Portnoy
fb0bd9300c don't use strings 2020-02-13 17:28:32 -08:00
Erica Portnoy
6c75064318 debian override still needs os 2020-02-13 17:05:29 -08:00
Erica Portnoy
01b4918b5b Remove os imports 2020-02-13 17:01:05 -08:00
Erica Portnoy
6b9837f69a Check OpenSSL version 2020-02-13 16:51:32 -08:00
Adrien Ferrand
fc7e5e8e60
Remove useless pylint error suppression directives (#7657) 
As pylint is evolving, it improves its accuracy, and several pylint error suppression (`# pylint: disable=ERROR) added in certbot codebase months or years ago are not needed anymore to make it happy.

There is a (disabled by default) pylint error to detect the useless suppressions (pylint-ception: `useless-suppression`). It is not working perfectly (it has also false-positives ...) but it is a good start to clean the codebase.

This PR removes several of these useless suppressions as detected by the current pylint version we use.

* Remove useless suppress

* Remove useless lines
 2020-02-13 13:56:16 -08:00
Erica Portnoy
d0e64328df Add mechanism for selecting apache config file, based on work done in #7191. 2020-02-11 18:31:38 -08:00
ohemorange
c5a2ba03da
Merge pull request #7735 from certbot/apache-parser-v2 
[Apache v2] Merge apache-parser-v2 feature branch back to master
 2020-02-06 15:29:28 -08:00
OsirisInferi
d3a4b8fd8c
Missing import 2020-02-05 22:27:12 +01:00
OsirisInferi
f3ed133744
Wrap makedirs() within exception handelrs 2020-02-05 22:17:29 +01:00
Erica Portnoy
6a4b610269 Bump version to 1.3.0 2020-02-04 14:01:04 -08:00
Erica Portnoy
3907b53b4b
Release 1.2.0 2020-02-04 14:01:02 -08:00
OsirisInferi
86926dff92
Use unrestrictive umask for challenge directory 2020-02-04 19:27:27 +01:00
Joona Hoikkala
882335c7ec
Merge remote-tracking branch 'origin/master' into ap2_to_master 2020-01-30 17:08:16 +02:00
ohemorange
11e402893f
Remove SSLCompression off line from all config options (#7726) 
Based on discussion at https://github.com/certbot/certbot/pull/7712#discussion_r371451761.

* Remove SSLCompression off line from all config options

* Update changelog
 2020-01-29 15:21:17 -08:00
ohemorange
b1a8e7175b Disable old SSL versions and ciphersuites to follow Mozilla recommendations in Apache (#7712) 
Part of #7204.

Makes the smaller changes described at https://github.com/certbot/certbot/issues/7204#issuecomment-571838185 to disable many old ciphersuites and TLS versions < 1.2. Does not add checks for OpenSSL version or modify session tickets.

Since Apache uses TLS protocol blacklisting instead of whitelisting (as in NGINX), we additionally may not need to determine if the server supports TLS1.3 and turn it on or off based on Apache version.

* Update SSL versions and ciphersuites based on Mozilla intermediate recommendations for apache

* Update constants with hashes of new config files

* Update changelog
 2020-01-24 13:37:42 -08:00