1
0
mirror of https://github.com/moepman/acertmgr.git synced 2024-11-16 05:19:10 +01:00
Commit Graph

225 Commits

Author SHA1 Message Date
9ca6dae048 version: bump to 1.0.5 2023-07-13 15:36:44 +02:00
Kishi85
274351415d Update github action workflow to build debian packages with gzip format for older OS versions 2023-07-12 17:46:06 +02:00
Rudolf Mayerhofer
f78cb5c554 Github Action: Update to newer github action syntax/standards, change image to ubuntu-latest, change pypi-publish to supported version and check if we have credentials to publish at all 2023-07-12 16:10:21 +02:00
Rudolf Mayerhofer
c3736c0838 Allow multiple sets of the same domain to defined in a single config file (necessary for multiple certs using different key_algorithm) in a list style notation (lists of maps) 2023-07-12 16:10:21 +02:00
Rudolf Mayerhofer
1a98f86aad Fix idna conversion for force-renew (probably broken since the IDNA cleanup) 2023-07-12 16:10:21 +02:00
Rudolf Mayerhofer
ef81ea62d1 Unify key_algorithm handling for elipic curves (change naming to ECC but stay backwards compatible) 2023-07-12 16:10:21 +02:00
Rudolf Mayerhofer
d1caaf80ef Fix LOG_REPLACEMENTS determination when multiple domain sets exist and we are on a newer version of python 2023-07-12 16:10:21 +02:00
Rudolf Mayerhofer
ba644d44f1 Update config id if we have a key algorithm set to allow for multiple certs with different algorithms for the same set of domains
This is a breaking change!
Changes the id for configurations with a key algorithm set, which by default results in changes to serveral dependent configuration values as well,
such as cert_file/key_file/csr_file. This will require existing ECC setups to append the ecc suffix to files in the acertmgr configuration directory
2023-07-12 16:10:21 +02:00
c15b6ec441 Instantiate HashAlgorithm in OCSPRequestBuilder
Installations of more recent cryptography require parameter hash
algorithm to be an instance of hashes.HashAlgorithm, not the bare object
itself.

Fixes #63
2023-07-10 19:27:44 +02:00
Kishi85
2d230e30d9 Clarify expected authority format (at least for v2) and add an example 2021-10-31 09:57:31 +01:00
Kishi85
6f0ccfdc91 logging: Add real counterparts of IDNA-mapped domains in brackets 2021-09-20 09:26:47 +02:00
Kishi85
460b0119ac configuration: Simplify too complex IDNA conversion 2021-09-13 09:00:59 +02:00
David Klaftenegger
e2f7b09b18 certs already contain idna domain names
The idna_convert call here does nothing: when reading a certificate, it
already contains idna domain names. Converting them to idna is
equivalent to the identity function, and can thus be removed.
2021-05-30 16:21:54 +02:00
93e28437ff version: bump to 1.0.4 2021-05-21 22:52:34 +02:00
Kishi85
2e1f5cd894 acertmgr/v2: Handle CA certificate chains properly 2021-05-21 22:50:44 +02:00
Kishi85
ce157a5c8a CI: Build on Ubuntu 18.04 while we are Python 2 compatbile and OS version is not EOL 2021-03-23 18:43:07 +01:00
Kishi85
9953cb4527 standalone: Fix multiple challange handlers on same port
If you define challenge handlers on a per-domain basis multiple will be
created. This would cause the standalone handler to potientially try
to bind the same port (when configured) multiple times, which would only
work on the first try. Subsequent tries would fail with "Address already
in use". To fix this only bind the server between start and stop of the
challenge and cleanup afterwards.
2021-03-23 18:43:07 +01:00
7a5d35f29b GitHub Actions: use current setuptools and wheel 2020-10-12 19:22:02 +02:00
62f01aeff9 GitHub Actions: twine upload via pypa/gh-action-pypi-publish 2020-10-12 19:01:09 +02:00
b48f4532b9 reformat setup.py 2020-10-12 17:48:55 +02:00
bc2a7229ec GitHub Actions: unify whitespace style 2020-10-12 17:22:52 +02:00
fd4fed9432 version: bump to 1.0.3 2020-03-12 18:41:15 +01:00
56743dcbb9 GitHub Actions: fix fetching tags 2020-03-04 17:29:11 +01:00
Kishi85
0648cb7b38 tools: Fix IDNA handler (again) 2020-03-04 14:50:05 +01:00
Kishi85
b37d0cad94 acertmgr: Add a OCSP validation to certificate verification 2020-03-04 14:50:05 +01:00
Kishi85
c33a39a433 tools: make pem file writable by owner before tryting to write
A PEM file might not be writable by the owner when it should be written
(e.g. on Windows), so we have to ensure the file has write permissions
before doing so
2020-03-04 14:40:49 +01:00
Kishi85
882ddfd0b8 Generate proper dependencies on deb Packages 2020-02-20 18:40:22 +01:00
Kishi
e5edc4e5aa Use Github Actions for automated building and release 2020-02-20 18:35:41 +01:00
e48724b726 version: bump to 1.0.2 2019-11-23 15:37:07 +01:00
6314f468c1 setup.py: fix package name for yaml 2019-11-08 19:40:05 +01:00
Kishi85
97e9be80cf acertmgr: Fix module/function issues on windows 2019-10-28 10:50:09 +01:00
Kishi85
f5f038d47b configuration: global config is now relative to config_dir 2019-10-26 19:11:33 +02:00
a0a4b0bf07 version: bump to 1.0.1 2019-10-01 13:08:45 +02:00
a63eabd0ee .drone.yml: upload releases to PyPI 2019-10-01 13:08:10 +02:00
2911e05165 setup.py: use proper PyPI supported classifiers 2019-10-01 13:06:37 +02:00
8dad549d68 version: bump to 1.0.0 2019-09-23 14:57:29 +02:00
11d43d4817 build packages via drone.io 2019-09-23 14:57:12 +02:00
Kishi85
ba4dda154b acertmgr: Remove legacy configuration directives (#30) 2019-09-06 16:07:16 +02:00
31c43321d4 version: bump to 0.9.8 2019-07-04 09:34:31 +02:00
Kishi85
9b10f10efd dns.*: Use a static query timeout for any DNS queries using dnspython 2019-07-02 12:55:09 +02:00
Kishi85
1a4272f11a authority.v2: invalidate nonces after 2 minutes and re-request
Boulder seems to invalidate older nonces after some time. Therefore we
allow nonces from the cache to be used for up to 2 minutes and after
those they will be considered invalid (and re-requested with an extra
request to the nonce endpoint when necessary)
2019-06-21 11:39:10 +02:00
514ff7cbad version: bump to 0.9.7 2019-06-12 10:40:06 +02:00
Kishi85
0b8e49d6ee tools: Display warning about IDNA only if unicode names are in use 2019-06-11 10:05:37 +02:00
Kishi85
af0bb45d73 authority.v2: Properly clear the nonce cache on using it's content 2019-06-11 09:52:55 +02:00
Kishi85
7475d5e73f authority.v2: Check challenge return code on validation as well 2019-06-11 09:52:55 +02:00
bc991f12d1 version: bump to 0.9.6 2019-05-20 18:43:49 +02:00
Kishi85
abc0c4a9c2 authority: use correct account_key_length 2019-05-13 21:47:31 +02:00
Kishi85
258855c5b4 legacy: fix ToS agreement value 2019-05-13 20:48:44 +02:00
Kishi85
6e52dd41b0 docs: Update README 2019-05-06 21:24:35 +02:00
Kishi85
7a019d1ac9 idna: unify usage as tools function 2019-05-06 21:24:24 +02:00