upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-03-27 12:53:05 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
certbot/server-ca
History
Seth Schoen 8b082f9fde evidently, current best practice is to include ALL DNS names, including the primary name, as SANs
2012-08-10 16:26:25 -07:00
..
blacklisting notes on future blacklist import speedups 2012-07-18 17:08:35 -07:00
demoCA some .gitignore files to suppress display of generated files in git 2012-07-14 13:49:58 -07:00
sni_challenge Added check to see if certificate exists 2012-08-08 17:01:54 -04:00
.gitignore some .gitignore files to suppress display of generated files in git 2012-07-14 13:49:58 -07:00
blacklists.py updated modulus blacklisting stuff 2012-07-17 00:33:45 -07:00
CA.sh correctly emit subject alternative names and remove most user-supplied data from cert 2012-07-13 22:50:58 -07:00
chocolate.py upstream changed API :-) 2012-08-09 17:41:38 -07:00
chocolate_protocol.proto support for distributing certificate chain file 2012-07-20 18:37:47 -07:00
clear-db.py script for clearing out Redis databae 2012-07-12 16:29:54 -07:00
CONFIG.py add cert_chain_file config option 2012-07-20 16:43:18 -07:00
CSR.py evidently, current best practice is to include ALL DNS names, including the primary name, as SANs 2012-08-10 16:26:25 -07:00
daemon.py output the name that we're doing the test for 2012-08-10 10:41:29 -07:00
hashcash.py sorry, this one adds the previous commit about hashcash being dangerous...previous adds a symlink so clients can use it...grrr git is a mess within a mess 2012-07-17 21:11:38 -04:00
Makefile we're using git pull rather than scp/rsync to deploy now 2012-07-14 14:56:30 -07:00
README Slight update to README 2012-08-01 14:23:25 -04:00
REDIS moving everything server-side to server-ca directory 2012-07-06 14:45:26 -07:00
redis_lock.py implementation of Redis-mediated lock in Python 2012-07-14 22:54:19 -07:00

README 

In this directory is a reference CA implementation of the Chocolate protocol,
DV and signing mechanism.

Instead of using "make deploy", we're currently using git pull to deploy this.
This requires restarting lighttpd on the server and ensuring that Redis and
a copy of daemon.py are running there.  If the .proto definition has
changed, it also needs to be recompiled on both the server and the client.



chocolate.py - server-side, requires web.py (python-webpy),
        PyCrypto (python-crypto) 2.3 (not 2.1!!), redis, python-redis,
        python-protobuf, "M3Crypto" (from our own tree) (hence also
	build-essential, python-dev, and swig)
	probably wants to run under a web server like lighttpd with fastcgi


chocolate_protocol.proto - protocol definition; needs protobuf-compiler

sni_challenge -
	Assumes Apache server with name based virtual hosts is running 
	(for intended address).
	Call perform_sni_cert_challenge(address, r, nonce) to verify the 
	server.
	Example code is given in main method
	Right now requires full path specification of CSR/KEY in the Global 
	Variables (how should this be specified?)
        requires python-socksipy, tor