upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-06-06 23:32:06 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
9401 commits 876 branches 156 tags 129 MiB
Commit graph

9401 commits

This branch
This branch
All branches
Author SHA1 Message Date
James Kasten
6de8e31bfe Added documentation for functions 2012-07-17 13:41:28 -04:00
Seth Schoen
e857154682 updated modulus blacklisting stuff 2012-07-17 00:33:45 -07:00
Seth Schoen
7fbb146ba6 weak Debian keys, via http://certlogik.com/debian-weak-key-check/ 2012-07-17 00:19:08 -07:00
Seth Schoen
93f7afbf82 no longer use Python hashcash library 2012-07-16 19:26:42 -07:00
Seth Schoen
4352ff0e13 need to import subprocess 2012-07-16 19:25:41 -07:00
Seth Schoen
1b88b67544 use C language hashcash program to generate cash from client 2012-07-16 19:25:27 -07:00
Seth Schoen
bc7b55d0d6 client supports servername as command-line argument 2012-07-16 15:13:50 -07:00
Seth Schoen
62c2f5fa49 function name collision 2012-07-16 15:13:06 -07:00
Seth Schoen
ac0defac00 remove client-side dependency on CSR.py 2012-07-16 15:11:10 -07:00
Seth Schoen
e70424dd4a database-backed blacklisting of moduli and names 2012-07-16 15:02:07 -07:00
Seth Schoen
acd5a77fc3 make the process faster by reducing delay times 2012-07-15 16:37:39 -07:00
Seth Schoen
f07275a99d another comment on locking 2012-07-15 16:33:23 -07:00
Seth Schoen
ad71e39d31 simplify by removing hashes of random numbers 
There may be circumstances where hashing random numbers might be
useful, but in order to justify it we would need to know something
about the generator that provides them.  However, checking with
strace shows that the CSPRNG in Crypto.Random may not reseed its
entropy enough, so we might ultimately want to use a different one.
It only reseeds 8 bytes per call even if you read megabytes of
random numbers from it!
 2012-07-15 16:16:28 -07:00
Seth Schoen
a5c70283e8 wait after performing challenge, in the hope the server notices the first time 2012-07-14 23:34:39 -07:00
Seth Schoen
f2a3f830e6 right now challenges get issued pretty fast; polldelay = 10 seems high 2012-07-14 23:30:01 -07:00
Seth Schoen
1019a47b31 oops, confused module name and class name 2012-07-14 23:02:55 -07:00
Seth Schoen
88c5b270ef implement locking for issuing certs with openssl ca 2012-07-14 23:01:39 -07:00
Seth Schoen
97caf0f61a implementation of Redis-mediated lock in Python 2012-07-14 22:54:19 -07:00
Seth Schoen
f2d755d3d5 check recipient string before hashcash to produce more useful error message 
This is more work for the server but if we don't do it in this
order we always get a hashcash error instead of a recipient error
if the client is confused about what server it meant to query.
Giving the wrong error in this sense is OK from a protocol point
of view but quite frustrating for a human being on the client end
trying to figure out why the server is rejecting its apparently
perfectly valid hashcash...
 2012-07-14 17:35:22 -07:00
Seth Schoen
1756a29a6a forgot an underscore 2012-07-14 17:32:26 -07:00
Seth Schoen
19bcb8486c make some things more general; allow command line arguments 2012-07-14 17:31:43 -07:00
Seth Schoen
1fd5ae1c9d er, the parameter is only known as h inside the called function 2012-07-14 17:18:22 -07:00
Seth Schoen
088c97bbf5 use database to prevent double-spending of hashcash 2012-07-14 17:16:51 -07:00
Seth Schoen
0b1b8e42d5 switch to hashlib 2012-07-14 15:08:15 -07:00
Seth Schoen
c1927aed26 switch to hashlib 2012-07-14 15:02:26 -07:00
Seth Schoen
f9eb363311 we're using git pull rather than scp/rsync to deploy now 2012-07-14 14:56:30 -07:00
Seth Schoen
be58b8759a notes on locking and concurrency 2012-07-14 14:56:19 -07:00
Seth Schoen
ecfc275a1e continue with request after displaying it :-) 2012-07-14 14:42:07 -07:00
Seth Schoen
064148df29 use hashcash in protocol 2012-07-14 14:34:24 -07:00
Seth Schoen
bb272f16ca currently we can't suppress display of choc_cert_extensions.cnf 
Maybe this file could be generated from scratch each time and not
be in version control; then we could .gitignore it successfully.
 2012-07-14 13:51:44 -07:00
Seth Schoen
d18c7f6eee some .gitignore files to suppress display of generated files in git 2012-07-14 13:49:58 -07:00
Seth Schoen
f82c259b1a actually check request recipient 2012-07-14 13:35:52 -07:00
Seth Schoen
8036fcbb01 update comments 2012-07-13 23:09:59 -07:00
Seth Schoen
3b624c40a7 remove debug print 2012-07-13 22:58:00 -07:00
Seth Schoen
2f21a92e82 more appropriate verbosity 2012-07-13 22:55:38 -07:00
Seth Schoen
32c2ba8e71 correctly emit subject alternative names and remove most user-supplied data from cert 2012-07-13 22:50:58 -07:00
Seth Schoen
34e3663399 passing type unicode instead of str to M2Crypto causes failures (!) 2012-07-13 19:30:58 -07:00
Seth Schoen
5b43540452 crazy M2Crypto bug: you have to get_pubkey().get_rsa() not just get_pubkey() 2012-07-13 19:29:36 -07:00
Seth Schoen
0da690afb2 make sure we use our own modified M2Crypto everywhere 2012-07-13 19:28:52 -07:00
Seth Schoen
17aa133774 Merge branch 'master' of ssh://github.com/research/chocolate 2012-07-13 18:57:51 -07:00
Seth Schoen
7b615c295e don't SHA256 twice! 2012-07-13 18:57:10 -07:00
Peter Eckersley
7f6f3e785e Merge branch 'master' of github.com:research/chocolate 2012-07-13 18:55:27 -07:00
Seth Schoen
9930ae8875 make sure to use "M3Crypto" 2012-07-13 18:55:09 -07:00
Peter Eckersley
95347b3d17 Make client.py executable 2012-07-13 18:55:08 -07:00
Peter Eckersley
8c94570319 Embed CSR from the other side 2012-07-13 18:43:20 -07:00
Seth Schoen
722aaab568 update description of dependencies and deployment 2012-07-13 16:03:21 -07:00
Seth Schoen
2901fa1c81 note about expected symlink to CSR.py 2012-07-13 14:51:59 -07:00
Seth Schoen
764b2783a7 explicitly require m3crypto inside ../m3/lib/python 2012-07-13 14:49:34 -07:00
Seth Schoen
e2b798fe26 implement session timeouts inside daemon 2012-07-12 18:19:14 -07:00
Eric Wustrow
70023c5b08 Merge branch 'master' of github.com:research/chocolate 2012-07-12 20:30:52 -04:00