moepman
/
acertmgr
mirror of https://github.com/moepman/acertmgr.git
1
0
Fork 0
Code Releases Activity
225 Commits 2 Branches 20 Tags 316 KiB
Commit Graph

59 Commits

Author SHA1 Message Date
Kishi85 5e63fd89c0 setup: Update packaging and runtime options 2019-03-25 15:09:24 +01:00
Kishi85 5d8b0134ea fix broken references from move and add legacy run script 2019-02-20 11:49:30 +01:00
Kishi85 f1f2d5c7cd move everything to package 'acertmgr' 2019-02-20 11:43:44 +01:00
Kishi85 8808dadbaf Optimize imports 2019-02-18 20:45:28 +01:00
Kishi85 da3dc4261f acertmgr: Fix wrong variable (works due to global var at this point) 2019-02-18 20:43:13 +01:00
Kishi85 1ce94491fd Fix python3 compatibility 2019-01-22 16:03:08 +01:00
Kishi85 1c939363c0 Automatically download CA from AIA-data in certificate (fixes github.com/moepman/acertmgr/issues/12) 2019-01-22 16:02:39 +01:00
Kishi85 90b25e2f3b configuration: Split into separate module 2019-01-22 15:50:44 +01:00
Kishi85 39855323aa authority: Refactor into classes to allow implementation of other api 2019-01-22 10:03:43 +01:00
Kishi85 cc3bfb55dd modes: Use classes to easily allow different types of challenge handling 2019-01-22 10:03:39 +01:00
Kishi85 622c4866da Automatically create RSA keys if they are missing 2019-01-22 09:27:05 +01:00
Kishi85 93377fd3a9 Refactor and cleanup codebase 2019-01-08 08:12:20 +01:00
David Klaftenegger 2446b1d3d2 Change certificate cache filename to unique hash 
md5 is used because cryptographic strength is irrelevant.
This simply allows storing multiple certificates that have
the same domain name as the first domain in the certificate.
 2019-01-07 20:01:20 +01:00
Markus 60172b7e6e Ingore whitespace in output format definitions. 2016-07-04 20:15:01 +02:00
Ralf Ramsauer 35d9d39b26 Make key location dynamic 
Besides the fact that this removes redundant code, hard coded location
of file is generally no good idea

Also adapt README.md and provide a default location for key files.

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
 2016-04-15 12:49:33 +02:00
David Klaftenegger c4e1152ed4 Use pyopenssl key format consistently 
Replaces a case where keys were handled manually instead of using
pyopenssl wrappers.
 2016-04-14 08:18:28 +02:00
David Klaftenegger af17847cac refactoring ACME protocol code 
This patch breaks up the ACME protocol code into functions for account
registration, key/certificate file handling, and helpers for ACME
protocol communication.
 2016-04-14 08:17:50 +02:00
Markus 77d3d1caf2 Fix error message wording 2016-04-12 11:55:22 +02:00
Ralf Ramsauer 62a6084905 Adjust permissions of certificates 
For the internal store of certificates in the configuration directory, a
permission of user read only is absolutely sufficient

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
 2016-04-12 11:55:17 +02:00
Ralf Ramsauer 6b7f1ebfe0 acertmgr.py: use os.path.join() instead of string concatenations 
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
 2016-04-12 11:55:12 +02:00
David Klaftenegger 2ad472b6b5 remove obsolete import 2016-04-12 11:54:57 +02:00
David Klaftenegger 9624f8c704 Only execute actions once 
instead of once per domain
 2016-04-12 11:54:52 +02:00
David Klaftenegger dc83df8d97 Prevent failure when target file is missing 2016-04-12 11:54:47 +02:00
David Klaftenegger 6599c49476 Avoid race condition which is triggered when debugging misconfigurations 2016-04-12 11:54:42 +02:00
David Klaftenegger 2dbae6673a Make it a configuration option which ACME authority is used 2016-04-12 11:54:37 +02:00
David Klaftenegger 025e238213 handle correctly when no action is defined 2016-04-12 11:54:09 +02:00
David Klaftenegger c2383d1d2c correctly handle multiple domain names 2016-04-12 11:53:43 +02:00
David Klaftenegger a4c0bd6357 Change copyright information 2016-04-12 11:53:37 +02:00
David Klaftenegger 661115a508 replace acme-tiny 
using a pyopenssl implementation of the same functionality instead
 2016-04-12 11:53:32 +02:00
David Klaftenegger 9dc7941658 Refactor ssl functionality 
use pyopenssl for certificate validty and requests
 2016-04-12 11:53:27 +02:00
David Klaftenegger e39c3cf298 Refactor webserver into separate file 2016-04-12 11:53:22 +02:00
David Klaftenegger ffb4fde1c6 Adds support for SubjectAltName in CSR generation 
To use this feature, add multiple domain names in the configuration,
separated by spaces
 2016-04-12 11:53:15 +02:00
Markus 53d2ad4bf6 Actually add actions to the set. 2016-04-12 11:53:08 +02:00
David Klaftenegger f16868bb6c replace target files based on timestamp 
instead of relying on the cached certificate file being updated.
This allows multiple configuration files for the same domain.
To avoid replacing existing entries, the format is changed from
a dictionary to a list, and setting domains in acme.conf is no
longer supported.
 2016-04-12 11:52:57 +02:00
Markus 2202fe867b Fix error if default values are empty. 2016-04-12 11:52:29 +02:00
Markus 23b70c798c New format: ca to be able to create cert-chains. 2016-04-12 11:52:23 +02:00
Markus 0346a6b492 Fix accidentally removed TODO. 2016-04-12 11:52:18 +02:00
Markus 2500b044f1 Rename notify to action and execute them only once. 2016-04-12 11:52:12 +02:00
David Klaftenegger 55f340bebd indentation error 
fixes one instance of space-indentation instead of tab-indentation
 2016-04-12 11:52:06 +02:00
David Klaftenegger b396f0bb07 Check result of file metadata changes 
Changing ownership and permissions is not supported on all filesystems.
This patch prints a warning whenever it fails to set these properties,
but continues without a fatal error.
 2016-04-12 11:52:00 +02:00
David Klaftenegger e8c82197a9 Use whichever python is available 
The code is not specific to python2, so any python should do
 2016-04-12 11:51:54 +02:00
David Klaftenegger abba505c9f standalone webserver mode 
This patch adds the ability to start a simple
webserver that is sufficient to solve the ACME
challenge.
 2016-04-12 11:51:42 +02:00
Markus 60ae8f2452 Implement cert_put and use live API 2016-04-12 11:51:23 +02:00
Markus 29fba6e161 More fine grained TODOs for cert_put 2016-04-12 11:51:09 +02:00
Markus 0cc6556df0 Implement check&copy in cert_get 2016-04-12 11:51:03 +02:00
Markus 4089faa997 Improve error handling and tempfile creation 2016-04-12 11:50:56 +02:00
Markus bd8b672e75 Use challenge dir from configuration 2016-04-12 11:50:50 +02:00
David Klaftenegger a614df5d3a Add checks for errors during certificate creation 2016-04-12 11:49:47 +02:00
David Klaftenegger d2a47fbd6a Fixes exception types 2016-04-12 11:49:36 +02:00
David Klaftenegger 39720d7fee Improve checks for required files 2016-04-12 11:49:07 +02:00