upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-03-23 19:03:33 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
certbot/server-ca
History
Seth Schoen 85d7437178 per discussion, remove clock skew checks; also, two TODOs moved to filed issues
2012-11-19 11:59:21 -08:00
..
blacklisting script to hash factorable moduli and store them in the blacklist 2012-08-20 15:40:54 -07:00
data Issue payment challenges for top 10,000 domains 2012-11-18 20:06:43 -08:00
demoCA some .gitignore files to suppress display of generated files in git 2012-07-14 13:49:58 -07:00
sni_challenge the peername is actually unknown, not unspecified, in this case 2012-11-19 11:09:09 -08:00
.gitignore some .gitignore files to suppress display of generated files in git 2012-07-14 13:49:58 -07:00
blacklists.py updated modulus blacklisting stuff 2012-07-17 00:33:45 -07:00
CA.sh correctly emit subject alternative names and remove most user-supplied data from cert 2012-07-13 22:50:58 -07:00
chocolate.py per discussion, remove clock skew checks; also, two TODOs moved to filed issues 2012-11-19 11:59:21 -08:00
clear-db.py script for clearing out Redis databae 2012-07-12 16:29:54 -07:00
CONFIG.py error_uri to allow displaying useful error messages from server 2012-11-18 22:12:28 -08:00
CSR.py move docstring to the right place 2012-10-18 17:20:59 -07:00
daemon_common.py further shorten short session ID 2012-11-18 22:28:16 -08:00
index.html adding name field to payment form 2012-11-18 22:12:00 -08:00
issue-daemon.py issue daemon doesn't verify challenges 2012-11-18 21:02:59 -08:00
logging-daemon.py a more concise time format 2012-11-18 22:25:25 -08:00
makechallenge-daemon.py make logging output shorter 2012-11-18 22:32:58 -08:00
Makefile Move protocol and client into Python modules 2012-08-12 07:49:45 +03:00
payment-daemon.py log successful and unsuccessful payment attempts 2012-11-18 22:19:18 -08:00
payment.py more sanity checking, though it's already done by the regular expression 2012-11-18 22:51:53 -08:00
policy.py make hostname lowercase before checking 2012-11-18 20:22:42 -08:00
README reorganize daemons! 2012-10-17 18:36:24 -07:00
REDIS moving everything server-side to server-ca directory 2012-07-06 14:45:26 -07:00
redis_lock.py more detailed comment 2012-10-08 18:05:02 -07:00
start_daemons add $@ to pass command line arguments through to daemons 2012-11-16 14:45:31 -08:00
stop_daemons reorganize daemons! 2012-10-17 18:36:24 -07:00
testchallenge-daemon.py further minor logging improvements 2012-11-18 22:37:20 -08:00
thanks.html say what names this request applied to 2012-11-18 19:49:12 -08:00
TODO reorganize daemons! 2012-10-17 18:36:24 -07:00

README 

In this directory is a reference CA implementation of the Chocolate protocol,
DV and signing mechanism.

Instead of using "make deploy", we're currently using git pull to deploy this.
This requires restarting lighttpd on the server and ensuring that Redis and
a copy of daemon.py are running there.  If the .proto definition has
changed, it also needs to be recompiled on both the server and the client.



chocolate.py - server-side, requires web.py (python-webpy),
        PyCrypto (python-crypto) 2.3 (not 2.1!!), redis, python-redis,
        python-protobuf, "M3Crypto" (from our own tree) (hence also
	build-essential, python-dev, and swig)
	probably wants to run under a web server like lighttpd with fastcgi

daemons/{makechallenge,testchallenge,issue,logging}-daemon.py -
        daemons to handle back-end implementation of protocol state transitions

chocolate_protocol.proto - protocol definition; needs protobuf-compiler

sni_challenge -
	Assumes Apache server with name based virtual hosts is running 
	(for intended address).
	Call perform_sni_cert_challenge(address, r, nonce) to verify the 
	server.
	Example code is given in main method
	Right now requires full path specification of CSR/KEY in the Global 
	Variables (how should this be specified?)
        requires python-socksipy, tor