Seth Schoen
90f4b4daeb
move configuration parameters into config file; add extra sanity checks
2012-07-19 23:19:39 -07:00
James Kasten
8cd2b1e66d
initial commit for configurator with basic functionality
2012-07-20 00:11:11 -04:00
Seth Schoen
b1b7257c2a
what kind of getopt is the upstream hashcash using, anyway?
2012-07-18 22:36:22 -07:00
Seth Schoen
c89a0e8f8e
mint hashcash with expiry stated down to the second
2012-07-18 22:31:54 -07:00
Seth Schoen
6f5d15cddf
whoops, the past is the past, not the future
2012-07-18 22:28:41 -07:00
Seth Schoen
c117582ece
drop privileges and use external hashcash binary again
2012-07-18 22:25:23 -07:00
Seth Schoen
1e17b222ab
document priority inversion bug
2012-07-18 19:38:00 -07:00
Seth Schoen
707dedbd9b
add verification probe via Tor
2012-07-18 18:43:23 -07:00
Seth Schoen
bb0c4bf316
notes on future blacklist import speedups
2012-07-18 17:08:35 -07:00
Seth Schoen
df97026c72
Python hashcash minting is slow, so only generate 20 bits for now
2012-07-18 15:07:17 -07:00
Eric Wustrow
4b5ba56a2d
check expiry in hashcash
2012-07-17 22:51:53 -04:00
Eric Wustrow
702b9ca394
Use hashcash python library directly, instead of subprocess.
We should really try to avoid calling out to potentially untrusted
binaries, especially as we are running as root
2012-07-17 21:27:00 -04:00
Eric Wustrow
cf45b233f7
sorry, this one adds the previous commit about hashcash being dangerous...previous adds a symlink so clients can use it...grrr git is a mess within a mess
2012-07-17 21:11:38 -04:00
Eric Wustrow
9f1df2b704
fix hashcash bug - if check_validation is set, check function will not verify the stamp (elif to be considered harmful)
2012-07-17 21:10:03 -04:00
James Kasten
6de8e31bfe
Added documentation for functions
2012-07-17 13:41:28 -04:00
Seth Schoen
e857154682
updated modulus blacklisting stuff
2012-07-17 00:33:45 -07:00
Seth Schoen
7fbb146ba6
weak Debian keys, via http://certlogik.com/debian-weak-key-check/
2012-07-17 00:19:08 -07:00
Seth Schoen
93f7afbf82
no longer use Python hashcash library
2012-07-16 19:26:42 -07:00
Seth Schoen
4352ff0e13
need to import subprocess
2012-07-16 19:25:41 -07:00
Seth Schoen
1b88b67544
use C language hashcash program to generate cash from client
2012-07-16 19:25:27 -07:00
Seth Schoen
bc7b55d0d6
client supports servername as command-line argument
2012-07-16 15:13:50 -07:00
Seth Schoen
62c2f5fa49
function name collision
2012-07-16 15:13:06 -07:00
Seth Schoen
ac0defac00
remove client-side dependency on CSR.py
2012-07-16 15:11:10 -07:00
Seth Schoen
e70424dd4a
database-backed blacklisting of moduli and names
2012-07-16 15:02:07 -07:00
Seth Schoen
acd5a77fc3
make the process faster by reducing delay times
2012-07-15 16:37:39 -07:00
Seth Schoen
f07275a99d
another comment on locking
2012-07-15 16:33:23 -07:00
Seth Schoen
ad71e39d31
simplify by removing hashes of random numbers
There may be circumstances where hashing random numbers might be
useful, but in order to justify it we would need to know something
about the generator that provides them. However, checking with
strace shows that the CSPRNG in Crypto.Random may not reseed its
entropy enough, so we might ultimately want to use a different one.
It only reseeds 8 bytes per call even if you read megabytes of
random numbers from it!
2012-07-15 16:16:28 -07:00
Seth Schoen
a5c70283e8
wait after performing challenge, in the hope the server notices the first time
2012-07-14 23:34:39 -07:00
Seth Schoen
f2a3f830e6
right now challenges get issued pretty fast; polldelay = 10 seems high
2012-07-14 23:30:01 -07:00
Seth Schoen
1019a47b31
oops, confused module name and class name
2012-07-14 23:02:55 -07:00
Seth Schoen
88c5b270ef
implement locking for issuing certs with openssl ca
2012-07-14 23:01:39 -07:00
Seth Schoen
97caf0f61a
implementation of Redis-mediated lock in Python
2012-07-14 22:54:19 -07:00
Seth Schoen
f2d755d3d5
check recipient string before hashcash to produce more useful error message
This is more work for the server but if we don't do it in this
order we always get a hashcash error instead of a recipient error
if the client is confused about what server it meant to query.
Giving the wrong error in this sense is OK from a protocol point
of view but quite frustrating for a human being on the client end
trying to figure out why the server is rejecting its apparently
perfectly valid hashcash...
2012-07-14 17:35:22 -07:00
Seth Schoen
1756a29a6a
forgot an underscore
2012-07-14 17:32:26 -07:00
Seth Schoen
19bcb8486c
make some things more general; allow command line arguments
2012-07-14 17:31:43 -07:00
Seth Schoen
1fd5ae1c9d
er, the parameter is only known as h inside the called function
2012-07-14 17:18:22 -07:00
Seth Schoen
088c97bbf5
use database to prevent double-spending of hashcash
2012-07-14 17:16:51 -07:00
Seth Schoen
0b1b8e42d5
switch to hashlib
2012-07-14 15:08:15 -07:00
Seth Schoen
c1927aed26
switch to hashlib
2012-07-14 15:02:26 -07:00
Seth Schoen
f9eb363311
we're using git pull rather than scp/rsync to deploy now
2012-07-14 14:56:30 -07:00
Seth Schoen
be58b8759a
notes on locking and concurrency
2012-07-14 14:56:19 -07:00
Seth Schoen
ecfc275a1e
continue with request after displaying it :-)
2012-07-14 14:42:07 -07:00
Seth Schoen
064148df29
use hashcash in protocol
2012-07-14 14:34:24 -07:00
Seth Schoen
bb272f16ca
currently we can't suppress display of choc_cert_extensions.cnf
Maybe this file could be generated from scratch each time and not
be in version control; then we could .gitignore it successfully.
2012-07-14 13:51:44 -07:00
Seth Schoen
d18c7f6eee
some .gitignore files to suppress display of generated files in git
2012-07-14 13:49:58 -07:00
Seth Schoen
f82c259b1a
actually check request recipient
2012-07-14 13:35:52 -07:00
Seth Schoen
8036fcbb01
update comments
2012-07-13 23:09:59 -07:00
Seth Schoen
3b624c40a7
remove debug print
2012-07-13 22:58:00 -07:00
Seth Schoen
2f21a92e82
more appropriate verbosity
2012-07-13 22:55:38 -07:00
Seth Schoen
32c2ba8e71
correctly emit subject alternative names and remove most user-supplied data from cert
2012-07-13 22:50:58 -07:00