Merge branch 'master' into boulder-start-fixes

.travis.yml

@@ -1,13 +1,18 @@
 language: python
 
+go:
+  - 1.5
+
 services:
   - rabbitmq
   - mysql
 
 # http://docs.travis-ci.com/user/ci-environment/#CI-environment-OS
+# gimme has to be kept in sync with Boulder's Go version setting in .travis.yml
 before_install:
   - travis_retry sudo ./bootstrap/ubuntu.sh
   - travis_retry sudo apt-get install --no-install-recommends nginx-light openssl
+  - '[ "xxx$BOULDER_INTEGRATION" = "xxx" ] || eval "$(gimme 1.5)"'
 
 # using separate envs with different TOXENVs creates 4x1 Travis build
 # matrix, which allows us to clearly distinguish which component under

acme/acme/challenges.py

@@ -116,7 +116,7 @@ class SimpleHTTPResponse(ChallengeResponse):
     def gen_resource(self, chall):
         """Generate provisioned resource.
 
-        :param .SimpleHTTP chall:
+        :param challenges.SimpleHTTP chall:
         :rtype: SimpleHTTPProvisionedResource
 
         """
@@ -125,7 +125,7 @@ class SimpleHTTPResponse(ChallengeResponse):
     def gen_validation(self, chall, account_key, alg=jose.RS256, **kwargs):
         """Generate validation.
 
-        :param .SimpleHTTP chall:
+        :param challenges.SimpleHTTP chall:
         :param .JWK account_key: Private account key.
         :param .JWA alg:
 
@@ -142,14 +142,14 @@ class SimpleHTTPResponse(ChallengeResponse):
         """Check validation.
 
         :param .JWS validation:
-        :param .SimpleHTTP chall:
+        :param challenges.SimpleHTTP chall:
         :type account_public_key:
             `~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
             or
             `~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
             or
             `~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
-            wrapped in `.ComparableKey
+            wrapped in `.ComparableKey`
 
         :rtype: bool
 
@@ -173,7 +173,7 @@ class SimpleHTTPResponse(ChallengeResponse):
         ignore the certificate provided by the HTTPS server", so
         ``requests.get`` is called with ``verify=False``.
 
-        :param .SimpleHTTP chall: Corresponding challenge.
+        :param challenges.SimpleHTTP chall: Corresponding challenge.
         :param unicode domain: Domain name being verified.
         :param account_public_key: Public key for the key pair
             being authorized. If ``None`` key verification is not
@@ -184,7 +184,7 @@ class SimpleHTTPResponse(ChallengeResponse):
             `~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
             or
             `~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
-            wrapped in `.ComparableKey
+            wrapped in `.ComparableKey`
         :param int port: Port used in the validation.
 
         :returns: ``True`` iff validation is successful, ``False``
@@ -306,7 +306,7 @@ class DVSNIResponse(ChallengeResponse):
     def chall(self):
         """Get challenge encoded in the `validation` payload.
 
-        :rtype: DVSNI
+        :rtype: challenges.DVSNI
 
         """
         # pylint: disable=no-member
@@ -370,7 +370,7 @@ class DVSNIResponse(ChallengeResponse):
             `~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
             or
             `~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
-            wrapped in `.ComparableKey
+            wrapped in `.ComparableKey`
         :param OpenSSL.crypto.X509 cert: Optional certificate. If not
             provided (``None``) certificate will be retrieved using
             `probe_cert`.

acme/acme/client.py

@@ -534,7 +534,8 @@ class ClientNetwork(object):
 
 
         """
-        logging.debug('Sending %s request to %s', method, url)
+        logging.debug('Sending %s request to %s. args: %r, kwargs: %r',
+                      method, url, args, kwargs)
         kwargs['verify'] = self.verify_ssl
         response = requests.request(method, url, *args, **kwargs)
         logging.debug('Received %s. Headers: %s. Content: %r',

acme/acme/jose/jws.py

@@ -54,7 +54,7 @@ class Header(json_util.JSONObjectWithFields):
         the "crit" (Critical) Header Parameter (4.1.11) and as a
         conforming implementation, :meth:`from_json` treats its
         occurence as an error. Please subclass if you seek for
-        a diferent behaviour.
+        a different behaviour.
 
     :ivar x5tS256: "x5t#S256"
     :ivar str typ: MIME Media Type, inc. :const:`MediaType.PREFIX`.

acme/acme/messages.py

@@ -231,7 +231,7 @@ class ChallengeBody(ResourceBody):
         call ``challb.x`` to get ``challb.chall.x`` contents.
     :ivar acme.messages.Status status:
     :ivar datetime.datetime validated:
-    :ivar Error error:
+    :ivar messages.Error error:
 
     """
     __slots__ = ('chall',)

docs/contributing.rst

@@ -67,7 +67,7 @@ The following tools are there to help you:
 Integration
 ~~~~~~~~~~~
 
-First, install `Go`_ 1.4 and start Boulder_, an ACME CA server::
+First, install `Go`_ 1.5 and start Boulder_, an ACME CA server::
 
   ./tests/boulder-start.sh
 
@@ -82,7 +82,7 @@ If you would like to test `letsencrypt_nginx` plugin (highly
 encouraged) make sure to install prerequisites as listed in
 ``tests/integration/nginx.sh``:
 
-.. include:: ../tests/integration/nginx.sh
+.. include:: ../letsencrypt-nginx/tests/boulder-integration.sh
    :start-line: 1
    :end-line: 2
    :code: shell

examples/generate-csr.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 # This script generates a simple SAN CSR to be used with Let's Encrypt
-# CA. Mostly intedened for "auth --csr" testing, but, since its easily
-# auditable, feel free to adjust it and use on you production web
+# CA. Mostly intended for "auth --csr" testing, but, since it's easily
+# auditable, feel free to adjust it and use it on your production web
 # server.
 
 if [ "$#" -lt 1 ]

letsencrypt-apache/letsencrypt_apache/configurator.py

@@ -953,9 +953,10 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
         """Enables an available site, Apache restart required.
 
         .. note:: Does not make sure that the site correctly works or that all
-        modules are enabled appropriately.
+                  modules are enabled appropriately.
 
         .. todo:: This function should number subdomains before the domain vhost
+
         .. todo:: Make sure link is not broken...
 
         :param vhost: vhost to enable
@@ -1034,8 +1035,9 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
 
         .. todo:: This function will be converted to using reload
 
-        :raises .errors.MisconfigurationError: If unable to restart due to a
-        configuration problem, or if the restart subprocess cannot be run.
+        :raises .errors.MisconfigurationError: If unable to restart due
+            to a configuration problem, or if the restart subprocess
+            cannot be run.
 
         """
         return apache_restart(self.conf("init-script"))

letsencrypt-apache/letsencrypt_apache/obj.py

@@ -41,21 +41,24 @@ class Addr(common.Addr):
             return 2
 
     def conflicts(self, addr):
-        """Returns if address could conflict with correct function of self.
+        r"""Returns if address could conflict with correct function of self.
 
         Could addr take away service provided by self within Apache?
 
         .. note::IP Address is more important than wildcard.
             Connection from 127.0.0.1:80 with choices of *:80 and 127.0.0.1:*
-            chooses 127.0.0.1:*
+            chooses 127.0.0.1:\*
 
         .. todo:: Handle domain name addrs...
 
         Examples:
-        127.0.0.1:*.conflicts(127.0.0.1:443) - True
-        127.0.0.1:443.conflicts(127.0.0.1:*) - False
-        *:443.conflicts(*:80) - False
-        _default_:443.conflicts(*:443) - True
+
+        =========================================  =====
+        ``127.0.0.1:\*.conflicts(127.0.0.1:443)``  True
+        ``127.0.0.1:443.conflicts(127.0.0.1:\*)``  False
+        ``\*:443.conflicts(\*:80)``                False
+        ``_default_:443.conflicts(\*:443)``        True
+        =========================================  =====
 
         """
         if self._addr_less_specific(addr):
@@ -72,9 +75,10 @@ class Addr(common.Addr):
     def get_sni_addr(self, port):
         """Returns the least specific address that resolves on the port.
 
-        Example:
-        1.2.3.4:443 -> 1.2.3.4:<port>
-        1.2.3.4:* -> 1.2.3.4:*
+        Examples:
+
+        - ``1.2.3.4:443`` -> ``1.2.3.4:<port>``
+        - ``1.2.3.4:*`` -> ``1.2.3.4:*``
 
         :param str port: Desired port
 
@@ -100,8 +104,9 @@ class VirtualHost(object):  # pylint: disable=too-few-public-methods
     :ivar bool enabled: Virtual host is enabled
 
     https://httpd.apache.org/docs/2.4/vhosts/details.html
+
     .. todo:: Any vhost that includes the magic _default_ wildcard is given the
-        same ServerName as the main server.
+              same ServerName as the main server.
 
     """
     # ?: is used for not returning enclosed characters

letsencrypt/crypto_util.py

@@ -267,5 +267,5 @@ def asn1_generalizedtime_to_dt(timestamp):
 
 
 def pyopenssl_x509_name_as_text(x509name):
-    """Convert `OpenSSL.crypto.X509Name to text."""
+    """Convert `OpenSSL.crypto.X509Name` to text."""
     return "/".join("{0}={1}" for key, value in x509name.get_components())