Seth Schoen
88c5b270ef
implement locking for issuing certs with openssl ca
2012-07-14 23:01:39 -07:00
Seth Schoen
97caf0f61a
implementation of Redis-mediated lock in Python
2012-07-14 22:54:19 -07:00
Seth Schoen
f2d755d3d5
check recipient string before hashcash to produce more useful error message
This is more work for the server but if we don't do it in this
order we always get a hashcash error instead of a recipient error
if the client is confused about what server it meant to query.
Giving the wrong error in this sense is OK from a protocol point
of view but quite frustrating for a human being on the client end
trying to figure out why the server is rejecting its apparently
perfectly valid hashcash...
2012-07-14 17:35:22 -07:00
Seth Schoen
1756a29a6a
forgot an underscore
2012-07-14 17:32:26 -07:00
Seth Schoen
19bcb8486c
make some things more general; allow command line arguments
2012-07-14 17:31:43 -07:00
Seth Schoen
1fd5ae1c9d
er, the parameter is only known as h inside the called function
2012-07-14 17:18:22 -07:00
Seth Schoen
088c97bbf5
use database to prevent double-spending of hashcash
2012-07-14 17:16:51 -07:00
Seth Schoen
0b1b8e42d5
switch to hashlib
2012-07-14 15:08:15 -07:00
Seth Schoen
c1927aed26
switch to hashlib
2012-07-14 15:02:26 -07:00
Seth Schoen
f9eb363311
we're using git pull rather than scp/rsync to deploy now
2012-07-14 14:56:30 -07:00
Seth Schoen
be58b8759a
notes on locking and concurrency
2012-07-14 14:56:19 -07:00
Seth Schoen
ecfc275a1e
continue with request after displaying it :-)
2012-07-14 14:42:07 -07:00
Seth Schoen
064148df29
use hashcash in protocol
2012-07-14 14:34:24 -07:00
Seth Schoen
bb272f16ca
currently we can't suppress display of choc_cert_extensions.cnf
Maybe this file could be generated from scratch each time and not
be in version control; then we could .gitignore it successfully.
2012-07-14 13:51:44 -07:00
Seth Schoen
d18c7f6eee
some .gitignore files to suppress display of generated files in git
2012-07-14 13:49:58 -07:00
Seth Schoen
f82c259b1a
actually check request recipient
2012-07-14 13:35:52 -07:00
Seth Schoen
8036fcbb01
update comments
2012-07-13 23:09:59 -07:00
Seth Schoen
3b624c40a7
remove debug print
2012-07-13 22:58:00 -07:00
Seth Schoen
2f21a92e82
more appropriate verbosity
2012-07-13 22:55:38 -07:00
Seth Schoen
32c2ba8e71
correctly emit subject alternative names and remove most user-supplied data from cert
2012-07-13 22:50:58 -07:00
Seth Schoen
34e3663399
passing type unicode instead of str to M2Crypto causes failures (!)
2012-07-13 19:30:58 -07:00
Seth Schoen
5b43540452
crazy M2Crypto bug: you have to get_pubkey().get_rsa() not just get_pubkey()
2012-07-13 19:29:36 -07:00
Seth Schoen
0da690afb2
make sure we use our own modified M2Crypto everywhere
2012-07-13 19:28:52 -07:00
Seth Schoen
17aa133774
Merge branch 'master' of ssh://github.com/research/chocolate
2012-07-13 18:57:51 -07:00
Seth Schoen
7b615c295e
don't SHA256 twice!
2012-07-13 18:57:10 -07:00
Peter Eckersley
7f6f3e785e
Merge branch 'master' of github.com:research/chocolate
2012-07-13 18:55:27 -07:00
Seth Schoen
9930ae8875
make sure to use "M3Crypto"
2012-07-13 18:55:09 -07:00
Peter Eckersley
95347b3d17
Make client.py executable
2012-07-13 18:55:08 -07:00
Peter Eckersley
8c94570319
Embed CSR from the other side
2012-07-13 18:43:20 -07:00
Seth Schoen
722aaab568
update description of dependencies and deployment
2012-07-13 16:03:21 -07:00
Seth Schoen
2901fa1c81
note about expected symlink to CSR.py
2012-07-13 14:51:59 -07:00
Seth Schoen
764b2783a7
explicitly require m3crypto inside ../m3/lib/python
2012-07-13 14:49:34 -07:00
Seth Schoen
e2b798fe26
implement session timeouts inside daemon
2012-07-12 18:19:14 -07:00
Eric Wustrow
70023c5b08
Merge branch 'master' of github.com:research/chocolate
2012-07-12 20:30:52 -04:00
Eric Wustrow
956ea28b95
use M2Crypto in CSR verify/sign/encrypt
2012-07-12 20:30:46 -04:00
Seth Schoen
5407be4df6
exit when failures are reported
2012-07-12 16:49:28 -07:00
Seth Schoen
e12d7f8fea
report failures
2012-07-12 16:49:19 -07:00
Seth Schoen
dd2dc32a96
report failure after attempted issuance
2012-07-12 16:48:20 -07:00
Seth Schoen
34b61f68fa
save certificate after it gets issued
2012-07-12 16:47:40 -07:00
Seth Schoen
30622a436a
fix indentation
2012-07-12 16:45:41 -07:00
Seth Schoen
f40f372b88
I really like this looking from /etc better because it's faster
(I realize that on some systems httpd.conf is somewhere other than /etc!)
2012-07-12 16:44:44 -07:00
Seth Schoen
7699bf8583
key is also in CHOC_DIR
2012-07-12 16:43:07 -07:00
Seth Schoen
b63a255496
Merge branch 'master' of ssh://github.com/research/chocolate
2012-07-12 16:39:06 -07:00
Eric Wustrow
0a85d8154f
Merge branch 'master' of github.com:research/chocolate
2012-07-12 19:38:44 -04:00
Eric Wustrow
9ccd7d2e1e
use M2Crypto (patched to support X509.Request.get_extensions) to read the SANs from the CSR; remove pkcs10.py
2012-07-12 19:38:37 -04:00
Seth Schoen
7bef1f50b9
actually do the challenge and wait for the results
2012-07-12 16:38:33 -07:00
Seth Schoen
344602edb6
actually the challenge code decrypts y for us to get r
2012-07-12 16:37:53 -07:00
Seth Schoen
d58e2901fa
script for clearing out Redis database
2012-07-12 16:29:54 -07:00
Eric Wustrow
94b6e593fb
A bit less annoying - you can init a BIO with a string
2012-07-12 19:16:48 -04:00
Eric Wustrow
1c129ea1d7
use M2Crypto for parse function
2012-07-12 19:10:54 -04:00