* increases server_names_hash_bucket_size if it's too low in your nginx conf
* switching from k,v pairwise indices -> inner_line
* simply using bucket_directive
* make a list of contributors
* make all links websites
* alphebetize and remove extra file
* remove ref to contributors
* add one more!
* sort using linux sort command
* display: support validation of user input
To avoid each caller of `display.input` and `display.directory_select`
needing to implement validation logic, this allows for a validator to be
supplied as a part of the call.
Following the existing pattern from `webroot`, this validator is expected
to throw a `Error` when it encounters invalid input. The user then
receives a `notification` is re-prompted.
Testing Done:
* tox -e py27
* tox -e lint
* plugins: update webroot to use display's validation functionality
This change updates the webroot plugin to use the now-built-in validation
functionality in display, reducing duplicated code.
Testing Done:
* tox -e py27
* tox -e lint
* display: move validation logic to ops
To avoid adding complexity to `IDisplay` methods, move validation logic
to helper methods in `display.ops`.
Testing Done:
* tox -e py27
* tox -e lint
Add port/package URL for py-acme
Use Freshports URL's instead of SVNWeb (repository) links as they provide (binary) package installation installation as well as further port/package information such as vulnerabilities, revision history and bug reports for each port respectively.
* Add url and kid to jws.
This will be required in order to implement the latest ACME spec, which uses
these protected header fields.
* Add comments and fix lint.
* Enforce mutual exclusivity of jwk and kid.
* say -- echo which honors quiet
* error -- echo which does not honor quiet
* switch non error echos to say
* switch error echos to error
* run letsencrypt-auto-source/build.py
* Use binary flag when writing cert and key files
Add binary flag to mode argument when opening files for writing key and
certificate files.
On Python 3 the data buffers use for writing are bytes objects not
strings, and the write fails accordingly.
As far as I understand, it the "b" flag will not hurt things in Python 2
either.
* Update the tests for RenewableCert::save_successor
Update the tests for RenewableCert::save_successor after changing
three parameters to be called with bytes objects instead of strings.
Also, update the doc comment of the function.
Second part of #4443. Built on #4444. Fixes#3148.
This fixes an old problem with code logging messages before logging has been set up. How this works is explained in the docstring of certbot.log.pre_arg_setup.
* add memory handler
* Add exit_with_log_path
* add new_except_hook
* pre_arg_parse_setup++ and remove old except_hook
* Rewrite post_arg_setup
* test restricted permissions
* move changes to main
* Use .name of NamedTemporaryFile
* use better assertions
* set exc_info in except_hook
* Make post_arg_setup more robust
* final cleanup
* Add TempHandler
* undo main_test changes
* improve documentation
* use decorators instead of with for mock.patch
* add inline comment about logging.shutdown
If the updated datetime collides, the comparator of heapq will move
onto the AuthorizationResource value and throws an "unorderable type"
error.
This adds an index value to the element tuple to ensure that they are
always strictly ordered.
It's relatively finicky to make a CSR appropriate to pass to poll_and_request_issuance. I think most users want to be able to give a list of domains and a private key, and get back a CSR. This branch adds that functionality to crypto_util.
Note that the two new functions take arguments, and return values, as PEM-encoded buffers. This is a departure from some existing ACME interfaces that take PyOpenSSL types. I've discussed with the Certbot team, and we agree that this is broadly the direction the ACME API should take, so that users of the module don't need to import PyOpenSSL themselves, or use its primitives.
* Add make_csr.
* accept privkey
* Tweak API.
* Remove make_csr from certbot package.
* Skip test in older Pythons.
* Move get_Extensions call under protection.
* Remove assertIn because not backwards-compatible.
* Fix encoding, and use PEM.
* Fix test
* Fix tests on py35.
* Fix error in test.
* Make import_csr_file always return PEM.
Also delete get_sans_from_csr (unused) and get_names_from_csr (newly unused).
* Fix function doc.
* Fix indent
* Fix call of obtain_certificate_from_Csr
* lint
* Handle review feedback.
* Fix test.
In some sense, certbot.client.Client is an ACME client, but it's the not the client in the ACME library and this leads to confusion. Let's make what this is clear.
* call certbot client cb_client rather than acme_client
* update tests
