crypt/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-01-26 07:41:33 +03:00
Code Activity
10,392 Commits 847 Branches 151 Tags
dac0b2c187fd94de9725da623587729ef356b60d
Commit Graph

10392 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Seth Schoen
e70424dd4a database-backed blacklisting of moduli and names 2012-07-16 15:02:07 -07:00
Seth Schoen
acd5a77fc3 make the process faster by reducing delay times 2012-07-15 16:37:39 -07:00
Seth Schoen
f07275a99d another comment on locking 2012-07-15 16:33:23 -07:00
Seth Schoen
ad71e39d31 simplify by removing hashes of random numbers 
There may be circumstances where hashing random numbers might be
useful, but in order to justify it we would need to know something
about the generator that provides them.  However, checking with
strace shows that the CSPRNG in Crypto.Random may not reseed its
entropy enough, so we might ultimately want to use a different one.
It only reseeds 8 bytes per call even if you read megabytes of
random numbers from it!
 2012-07-15 16:16:28 -07:00
Seth Schoen
a5c70283e8 wait after performing challenge, in the hope the server notices the first time 2012-07-14 23:34:39 -07:00
Seth Schoen
f2a3f830e6 right now challenges get issued pretty fast; polldelay = 10 seems high 2012-07-14 23:30:01 -07:00
Seth Schoen
1019a47b31 oops, confused module name and class name 2012-07-14 23:02:55 -07:00
Seth Schoen
88c5b270ef implement locking for issuing certs with openssl ca 2012-07-14 23:01:39 -07:00
Seth Schoen
97caf0f61a implementation of Redis-mediated lock in Python 2012-07-14 22:54:19 -07:00
Seth Schoen
f2d755d3d5 check recipient string before hashcash to produce more useful error message 
This is more work for the server but if we don't do it in this
order we always get a hashcash error instead of a recipient error
if the client is confused about what server it meant to query.
Giving the wrong error in this sense is OK from a protocol point
of view but quite frustrating for a human being on the client end
trying to figure out why the server is rejecting its apparently
perfectly valid hashcash...
 2012-07-14 17:35:22 -07:00
Seth Schoen
1756a29a6a forgot an underscore 2012-07-14 17:32:26 -07:00
Seth Schoen
19bcb8486c make some things more general; allow command line arguments 2012-07-14 17:31:43 -07:00
Seth Schoen
1fd5ae1c9d er, the parameter is only known as h inside the called function 2012-07-14 17:18:22 -07:00
Seth Schoen
088c97bbf5 use database to prevent double-spending of hashcash 2012-07-14 17:16:51 -07:00
Seth Schoen
0b1b8e42d5 switch to hashlib 2012-07-14 15:08:15 -07:00
Seth Schoen
c1927aed26 switch to hashlib 2012-07-14 15:02:26 -07:00
Seth Schoen
f9eb363311 we're using git pull rather than scp/rsync to deploy now 2012-07-14 14:56:30 -07:00
Seth Schoen
be58b8759a notes on locking and concurrency 2012-07-14 14:56:19 -07:00
Seth Schoen
ecfc275a1e continue with request after displaying it :-) 2012-07-14 14:42:07 -07:00
Seth Schoen
064148df29 use hashcash in protocol 2012-07-14 14:34:24 -07:00
Seth Schoen
bb272f16ca currently we can't suppress display of choc_cert_extensions.cnf 
Maybe this file could be generated from scratch each time and not
be in version control; then we could .gitignore it successfully.
 2012-07-14 13:51:44 -07:00
Seth Schoen
d18c7f6eee some .gitignore files to suppress display of generated files in git 2012-07-14 13:49:58 -07:00
Seth Schoen
f82c259b1a actually check request recipient 2012-07-14 13:35:52 -07:00
Seth Schoen
8036fcbb01 update comments 2012-07-13 23:09:59 -07:00
Seth Schoen
3b624c40a7 remove debug print 2012-07-13 22:58:00 -07:00
Seth Schoen
2f21a92e82 more appropriate verbosity 2012-07-13 22:55:38 -07:00
Seth Schoen
32c2ba8e71 correctly emit subject alternative names and remove most user-supplied data from cert 2012-07-13 22:50:58 -07:00
Seth Schoen
34e3663399 passing type unicode instead of str to M2Crypto causes failures (!) 2012-07-13 19:30:58 -07:00
Seth Schoen
5b43540452 crazy M2Crypto bug: you have to get_pubkey().get_rsa() not just get_pubkey() 2012-07-13 19:29:36 -07:00
Seth Schoen
0da690afb2 make sure we use our own modified M2Crypto everywhere 2012-07-13 19:28:52 -07:00
Seth Schoen
17aa133774 Merge branch 'master' of ssh://github.com/research/chocolate 2012-07-13 18:57:51 -07:00
Seth Schoen
7b615c295e don't SHA256 twice! 2012-07-13 18:57:10 -07:00
Peter Eckersley
7f6f3e785e Merge branch 'master' of github.com:research/chocolate 2012-07-13 18:55:27 -07:00
Seth Schoen
9930ae8875 make sure to use "M3Crypto" 2012-07-13 18:55:09 -07:00
Peter Eckersley
95347b3d17 Make client.py executable 2012-07-13 18:55:08 -07:00
Peter Eckersley
8c94570319 Embed CSR from the other side 2012-07-13 18:43:20 -07:00
Seth Schoen
722aaab568 update description of dependencies and deployment 2012-07-13 16:03:21 -07:00
Seth Schoen
2901fa1c81 note about expected symlink to CSR.py 2012-07-13 14:51:59 -07:00
Seth Schoen
764b2783a7 explicitly require m3crypto inside ../m3/lib/python 2012-07-13 14:49:34 -07:00
Seth Schoen
e2b798fe26 implement session timeouts inside daemon 2012-07-12 18:19:14 -07:00
Eric Wustrow
70023c5b08 Merge branch 'master' of github.com:research/chocolate 2012-07-12 20:30:52 -04:00
Eric Wustrow
956ea28b95 use M2Crypto in CSR verify/sign/encrypt 2012-07-12 20:30:46 -04:00
Seth Schoen
5407be4df6 exit when failures are reported 2012-07-12 16:49:28 -07:00
Seth Schoen
e12d7f8fea report failures 2012-07-12 16:49:19 -07:00
Seth Schoen
dd2dc32a96 report failure after attempted issuance 2012-07-12 16:48:20 -07:00
Seth Schoen
34b61f68fa save certificate after it gets issued 2012-07-12 16:47:40 -07:00
Seth Schoen
30622a436a fix indentation 2012-07-12 16:45:41 -07:00
Seth Schoen
f40f372b88 I really like this looking from /etc better because it's faster 
(I realize that on some systems httpd.conf is somewhere other than /etc!)
 2012-07-12 16:44:44 -07:00
Seth Schoen
7699bf8583 key is also in CHOC_DIR 2012-07-12 16:43:07 -07:00
Seth Schoen
b63a255496 Merge branch 'master' of ssh://github.com/research/chocolate 2012-07-12 16:39:06 -07:00