Kishi85
460b0119ac
configuration: Simplify too complex IDNA conversion
2021-09-13 09:00:59 +02:00
David Klaftenegger
e2f7b09b18
certs already contain idna domain names
...
The idna_convert call here does nothing: when reading a certificate, it
already contains idna domain names. Converting them to idna is
equivalent to the identity function, and can thus be removed.
2021-05-30 16:21:54 +02:00
93e28437ff
version: bump to 1.0.4
2021-05-21 22:52:34 +02:00
Kishi85
2e1f5cd894
acertmgr/v2: Handle CA certificate chains properly
2021-05-21 22:50:44 +02:00
Kishi85
ce157a5c8a
CI: Build on Ubuntu 18.04 while we are Python 2 compatbile and OS version is not EOL
2021-03-23 18:43:07 +01:00
Kishi85
9953cb4527
standalone: Fix multiple challange handlers on same port
...
If you define challenge handlers on a per-domain basis multiple will be
created. This would cause the standalone handler to potientially try
to bind the same port (when configured) multiple times, which would only
work on the first try. Subsequent tries would fail with "Address already
in use". To fix this only bind the server between start and stop of the
challenge and cleanup afterwards.
2021-03-23 18:43:07 +01:00
7a5d35f29b
GitHub Actions: use current setuptools and wheel
2020-10-12 19:22:02 +02:00
62f01aeff9
GitHub Actions: twine upload via pypa/gh-action-pypi-publish
2020-10-12 19:01:09 +02:00
b48f4532b9
reformat setup.py
2020-10-12 17:48:55 +02:00
bc2a7229ec
GitHub Actions: unify whitespace style
2020-10-12 17:22:52 +02:00
fd4fed9432
version: bump to 1.0.3
2020-03-12 18:41:15 +01:00
56743dcbb9
GitHub Actions: fix fetching tags
2020-03-04 17:29:11 +01:00
Kishi85
0648cb7b38
tools: Fix IDNA handler (again)
2020-03-04 14:50:05 +01:00
Kishi85
b37d0cad94
acertmgr: Add a OCSP validation to certificate verification
2020-03-04 14:50:05 +01:00
Kishi85
c33a39a433
tools: make pem file writable by owner before tryting to write
...
A PEM file might not be writable by the owner when it should be written
(e.g. on Windows), so we have to ensure the file has write permissions
before doing so
2020-03-04 14:40:49 +01:00
Kishi85
882ddfd0b8
Generate proper dependencies on deb Packages
2020-02-20 18:40:22 +01:00
Kishi
e5edc4e5aa
Use Github Actions for automated building and release
2020-02-20 18:35:41 +01:00
e48724b726
version: bump to 1.0.2
2019-11-23 15:37:07 +01:00
6314f468c1
setup.py: fix package name for yaml
2019-11-08 19:40:05 +01:00
Kishi85
97e9be80cf
acertmgr: Fix module/function issues on windows
2019-10-28 10:50:09 +01:00
Kishi85
f5f038d47b
configuration: global config is now relative to config_dir
2019-10-26 19:11:33 +02:00
a0a4b0bf07
version: bump to 1.0.1
2019-10-01 13:08:45 +02:00
a63eabd0ee
.drone.yml: upload releases to PyPI
2019-10-01 13:08:10 +02:00
2911e05165
setup.py: use proper PyPI supported classifiers
2019-10-01 13:06:37 +02:00
8dad549d68
version: bump to 1.0.0
2019-09-23 14:57:29 +02:00
11d43d4817
build packages via drone.io
2019-09-23 14:57:12 +02:00
Kishi85
ba4dda154b
acertmgr: Remove legacy configuration directives ( #30 )
2019-09-06 16:07:16 +02:00
31c43321d4
version: bump to 0.9.8
2019-07-04 09:34:31 +02:00
Kishi85
9b10f10efd
dns.*: Use a static query timeout for any DNS queries using dnspython
2019-07-02 12:55:09 +02:00
Kishi85
1a4272f11a
authority.v2: invalidate nonces after 2 minutes and re-request
...
Boulder seems to invalidate older nonces after some time. Therefore we
allow nonces from the cache to be used for up to 2 minutes and after
those they will be considered invalid (and re-requested with an extra
request to the nonce endpoint when necessary)
2019-06-21 11:39:10 +02:00
514ff7cbad
version: bump to 0.9.7
2019-06-12 10:40:06 +02:00
Kishi85
0b8e49d6ee
tools: Display warning about IDNA only if unicode names are in use
2019-06-11 10:05:37 +02:00
Kishi85
af0bb45d73
authority.v2: Properly clear the nonce cache on using it's content
2019-06-11 09:52:55 +02:00
Kishi85
7475d5e73f
authority.v2: Check challenge return code on validation as well
2019-06-11 09:52:55 +02:00
bc991f12d1
version: bump to 0.9.6
2019-05-20 18:43:49 +02:00
Kishi85
abc0c4a9c2
authority: use correct account_key_length
2019-05-13 21:47:31 +02:00
Kishi85
258855c5b4
legacy: fix ToS agreement value
2019-05-13 20:48:44 +02:00
Kishi85
6e52dd41b0
docs: Update README
2019-05-06 21:24:35 +02:00
Kishi85
7a019d1ac9
idna: unify usage as tools function
2019-05-06 21:24:24 +02:00
Kishi85
6a07ab1188
tools/configuration: Add support for EC/Ed25519/Ed448 generation
2019-04-19 15:29:44 +02:00
Kishi85
4f0fe2c74a
tools: Add support for Ed25519 and Ed448 account keys
...
Add support for Ed25519 and Ed448 account keys in addition
to already supported algorithms
2019-04-16 19:12:25 +02:00
Kishi85
88d4a52ab9
tools: use cryptography conversion instead of custom function
...
Use cryptography's int_to_bytes consistently instead of our own number
to byte conversion function
2019-04-16 19:12:15 +02:00
Kishi85
4df74d67d5
tools: add support for EC account keys
...
Allows usage of pre-generated EC account keys (P-256, P-384, P-521)
in addition to already supported RSA keys.
2019-04-16 19:12:05 +02:00
Kishi85
1f5ef9322b
tools: remove six dependency
...
Always decode string if the functions is available, assume normal string
otherwise
2019-04-07 15:31:07 +02:00
Kishi85
b5bac4870a
authority.v1: add deprecation warning
...
ACMEv1 will be deprecated by letsencrypt.org in 2021* therefore add a
deprecation warning on object creation
* https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430
2019-04-07 15:31:07 +02:00
Kishi85
89be66dc87
acertmgr: implement deployment error handling
...
Remove the long-standing todo from cert_put and implement useful
error handling and defaults for certificate deployment. Also do
a separate try/expect for each deployed file on every single
certificate.
2019-04-07 15:31:07 +02:00
Kishi85
7c9e7f7d0c
authority.v2: use POST-as-GET to remove unauthenticated GET requests
...
As unauthenticated GET requests are soon to be deprecated,
remove all unacceptable usages and replace with POST-as-GET.
See also https://tools.ietf.org/html/rfc8555#section-6.3
2019-04-07 15:31:07 +02:00
Kishi85
b86d8b6e0a
setup: update dependencies and requirements
2019-04-07 15:31:07 +02:00
Kishi85
4510aaf393
acertmgr: properly format action output
2019-04-07 15:31:07 +02:00
Kishi85
79b625619a
acertmgr: try using a fallback configuration for revoke
...
If no configuration matching the domains in the given certificate exist
use the globalconfig/default settings for an authority to revoke the
certificate (which might still fail if things do not match up, but the
authority will decide on that)
Configuration parsing for the authority settings is therefore split into
a seperate function which will be called for the 'fallback_authority'
element in runtimeconfig.
2019-04-07 15:31:07 +02:00