208 Commits

Author SHA1 Message Date
Markus 7a5d35f29b GitHub Actions: use current setuptools and wheel 2020-10-12 19:22:02 +02:00
Markus 62f01aeff9 GitHub Actions: twine upload via pypa/gh-action-pypi-publish 2020-10-12 19:01:09 +02:00
Markus b48f4532b9 reformat setup.py 2020-10-12 17:48:55 +02:00
Markus bc2a7229ec GitHub Actions: unify whitespace style 2020-10-12 17:22:52 +02:00
Markus fd4fed9432 version: bump to 1.0.3 2020-03-12 18:41:15 +01:00
Markus 56743dcbb9 GitHub Actions: fix fetching tags 2020-03-04 17:29:11 +01:00
Kishi85 0648cb7b38 tools: Fix IDNA handler (again) 2020-03-04 14:50:05 +01:00
Kishi85 b37d0cad94 acertmgr: Add an OCSP validation to certificate verification 2020-03-04 14:50:05 +01:00
Kishi85 c33a39a433 tools: make pem file writable by owner before trying to write
A PEM file might not be writable by the owner when it should be written
(e.g. on Windows), so we have to ensure the file has write permissions
before doing so
2020-03-04 14:40:49 +01:00
Kishi85 882ddfd0b8 Generate proper dependencies on deb Packages 2020-02-20 18:40:22 +01:00
Kishi e5edc4e5aa Use Github Actions for automated building and release 2020-02-20 18:35:41 +01:00
Markus e48724b726 version: bump to 1.0.2 2019-11-23 15:37:07 +01:00
Markus 6314f468c1 setup.py: fix package name for yaml 2019-11-08 19:40:05 +01:00
Kishi85 97e9be80cf acertmgr: Fix module/function issues on windows 2019-10-28 10:50:09 +01:00
Kishi85 f5f038d47b configuration: global config is now relative to config_dir 2019-10-26 19:11:33 +02:00
Markus a0a4b0bf07 version: bump to 1.0.1 2019-10-01 13:08:45 +02:00
Markus a63eabd0ee .drone.yml: upload releases to PyPI 2019-10-01 13:08:10 +02:00
Markus 2911e05165 setup.py: use proper PyPI supported classifiers 2019-10-01 13:06:37 +02:00
Markus 8dad549d68 version: bump to 1.0.0 2019-09-23 14:57:29 +02:00
Markus 11d43d4817 build packages via drone.io 2019-09-23 14:57:12 +02:00
Kishi85 ba4dda154b acertmgr: Remove legacy configuration directives (#30) 2019-09-06 16:07:16 +02:00
Markus 31c43321d4 version: bump to 0.9.8 2019-07-04 09:34:31 +02:00
Kishi85 9b10f10efd dns.*: Use a static query timeout for any DNS queries using dnspython 2019-07-02 12:55:09 +02:00
Kishi85 1a4272f11a authority.v2: invalidate nonces after 2 minutes and re-request
Boulder seems to invalidate older nonces after some time. Therefore we
allow nonces from the cache to be used for up to 2 minutes and after
those they will be considered invalid (and re-requested with an extra
request to the nonce endpoint when necessary)
2019-06-21 11:39:10 +02:00
Markus 514ff7cbad version: bump to 0.9.7 2019-06-12 10:40:06 +02:00
Kishi85 0b8e49d6ee tools: Display warning about IDNA only if unicode names are in use 2019-06-11 10:05:37 +02:00
Kishi85 af0bb45d73 authority.v2: Properly clear the nonce cache on using its content 2019-06-11 09:52:55 +02:00
Kishi85 7475d5e73f authority.v2: Check challenge return code on validation as well 2019-06-11 09:52:55 +02:00
Markus bc991f12d1 version: bump to 0.9.6 2019-05-20 18:43:49 +02:00
Kishi85 abc0c4a9c2 authority: use correct account_key_length 2019-05-13 21:47:31 +02:00
Kishi85 258855c5b4 legacy: fix ToS agreement value 2019-05-13 20:48:44 +02:00
Kishi85 6e52dd41b0 docs: Update README 2019-05-06 21:24:35 +02:00
Kishi85 7a019d1ac9 idna: unify usage as tools function 2019-05-06 21:24:24 +02:00
Kishi85 6a07ab1188 tools/configuration: Add support for EC/Ed25519/Ed448 generation 2019-04-19 15:29:44 +02:00
Kishi85 4f0fe2c74a tools: Add support for Ed25519 and Ed448 account keys
Add support for Ed25519 and Ed448 account keys in addition
to already supported algorithms
2019-04-16 19:12:25 +02:00
Kishi85 88d4a52ab9 tools: use cryptography conversion instead of custom function
Use cryptography's int_to_bytes consistently instead of our own number
to byte conversion function
2019-04-16 19:12:15 +02:00
Kishi85 4df74d67d5 tools: add support for EC account keys
Allows usage of pre-generated EC account keys (P-256, P-384, P-521)
in addition to already supported RSA keys.
2019-04-16 19:12:05 +02:00
Kishi85 1f5ef9322b tools: remove six dependency
Always decode string if the function is available, assume normal string
otherwise
2019-04-07 15:31:07 +02:00
Kishi85 b5bac4870a authority.v1: add deprecation warning
ACMEv1 will be deprecated by letsencrypt.org in 2021* therefore add a
deprecation warning on object creation

* https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430
2019-04-07 15:31:07 +02:00
Kishi85 89be66dc87 acertmgr: implement deployment error handling
Remove the long-standing todo from cert_put and implement useful
error handling and defaults for certificate deployment. Also do
a separate try/except for each deployed file on every single
certificate.
2019-04-07 15:31:07 +02:00
Kishi85 7c9e7f7d0c authority.v2: use POST-as-GET to remove unauthenticated GET requests
As unauthenticated GET requests are soon to be deprecated,
remove all unacceptable usages and replace with POST-as-GET.
See also https://tools.ietf.org/html/rfc8555#section-6.3
2019-04-07 15:31:07 +02:00
Kishi85 b86d8b6e0a setup: update dependencies and requirements 2019-04-07 15:31:07 +02:00
Kishi85 4510aaf393 acertmgr: properly format action output 2019-04-07 15:31:07 +02:00
Kishi85 79b625619a acertmgr: try using a fallback configuration for revoke
If no configuration matching the domains in the given certificate exists,
use the globalconfig/default settings for an authority to revoke the
certificate (which might still fail if things do not match up, but the
authority will decide on that)

Configuration parsing for the authority settings is therefore split into
a separate function which will be called for the 'fallback_authority'
element in runtimeconfig.
2019-04-07 15:31:07 +02:00
Kishi85 762037c42d standalone: cleanup start/stop challenge
stop_challenge should only stop the server if the thread is still alive
2019-04-07 15:31:07 +02:00
Kishi85 e12abbc3cb authority.v1/2: call stop_challenge even if start_challenge fails
start_challenge may raise an exception at any point. Do not just destroy
the challenge but also try to stop it in order to properly clean up
anything already done by start_challenge
2019-04-07 15:31:07 +02:00
Kishi85 989d3b585a authority.v1/2: do not re-authorize already valid domains
Skipping re-authorization when not necessary speeds up cert renewal.
2019-04-07 15:31:07 +02:00
Kishi85 fd8c4ec443 authority.v2: cleanup error- and encoding-handling 2019-04-07 15:31:07 +02:00
Kishi85 df6e3a743e authority.v1: Add missing resource to revoke_crt
Add missing resource: revoke-cert to the request payload
2019-04-07 15:31:07 +02:00
Kishi85 79791c53bc tools: update the get_cert_domain function
Add all domains for SAN certificates and convert IDNA values to the
correct representation
2019-04-07 15:31:07 +02:00