crypt/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-01-26 07:41:33 +03:00
Code Activity
10,392 Commits 847 Branches 151 Tags
dac0b2c187fd94de9725da623587729ef356b60d
Commit Graph

10392 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Eric Wustrow
0a85d8154f Merge branch 'master' of github.com:research/chocolate 2012-07-12 19:38:44 -04:00
Eric Wustrow
9ccd7d2e1e use M2Crypto (patched to support X509.Request.get_extensions) to read the SANs from the CSR; remove pkcs10.py 2012-07-12 19:38:37 -04:00
Seth Schoen
7bef1f50b9 actually do the challenge and wait for the results 2012-07-12 16:38:33 -07:00
Seth Schoen
344602edb6 actually the challenge code decrypts y for us to get r 2012-07-12 16:37:53 -07:00
Seth Schoen
d58e2901fa script for clearing out Redis databae 2012-07-12 16:29:54 -07:00
Eric Wustrow
94b6e593fb A bit less annoying - you can init a BIO with a string 2012-07-12 19:16:48 -04:00
Eric Wustrow
1c129ea1d7 use M2Crypto for parse function 2012-07-12 19:10:54 -04:00
Eric Wustrow
1bb0fc7286 Merge branch 'master' of github.com:research/chocolate 2012-07-12 18:07:22 -04:00
Eric Wustrow
19df04c516 use M2Crypto instead of openssl command line/subprocess for CSR parsing 2012-07-12 18:07:13 -04:00
Seth Schoen
6d64bab45e wow, but M2Crypto is annoying! - make a BIO for the public key 
It turns out that M2Crypto.RSA.load_key_string() requires a keypair,
not a public key.  There is no M2Crypto.RSA.load_pub_key_string(),
only M2Crypto.RSA.load_pub_key_bio(), which requires an OpenSSL BIO
object.
 2012-07-12 14:48:32 -07:00
Seth Schoen
b8a814a13f make client use M2Crypto also 2012-07-12 14:36:39 -07:00
Seth Schoen
d441355715 make daemon exit cleanly after interrupt signals 2012-07-12 14:30:56 -07:00
Seth Schoen
49d70c0966 it's fine to use M2Crypto, but you must import it :-) 2012-07-12 12:39:54 -07:00
Seth Schoen
f907899358 slight tolerance for requests timestamped in the future 2012-07-12 12:38:13 -07:00
Eric Wustrow
d54858689a Merge branch 'master' of github.com:research/chocolate 2012-07-12 14:55:06 -04:00
Eric Wustrow
42999f7bb9 use M2Crypto for getting public key length 2012-07-12 14:55:00 -04:00
Eric Wustrow
a6f244ec76 use M2Crypto for encrypting (Crypto.PublicKey uses unpaded RSA\!) 2012-07-12 14:54:39 -04:00
Seth Schoen
9c499c06f3 show all challenges 2012-07-11 19:40:09 -07:00
Seth Schoen
0d6b85a9b5 this client won't wait more than 60 seconds even if the server asks it to 2012-07-11 19:10:50 -07:00
Seth Schoen
2e49fbaa5e implement polldelay in client 2012-07-11 19:09:54 -07:00
Seth Schoen
c538876c35 add newline to GET error message output 2012-07-11 16:44:52 -07:00
James Kasten
e8f90a631a Added a fetch OID TODO 2012-07-11 15:10:44 -04:00
Eric Wustrow
1cb25dd143 oops, commited over the c6ac5858e4 server-param changes... 2012-07-11 02:26:04 -04:00
Eric Wustrow
2399b46354 use M2Crypto.RSA instead of Crypto.Public key (which was using an unpadded RSA\!\!\!) 2012-07-11 02:23:44 -04:00
Ubuntu
de459195e5 Merge branch 'master' of github.com:research/chocolate 2012-07-11 06:15:21 +00:00
Ubuntu
c6ac5858e4 use example.com instead of 127.0.0.1 and localhost for the sni_challenge 2012-07-11 06:15:08 +00:00
Ubuntu
5bc2eee4b0 using chocolate server (ec2)'s parameters in sni_challenge (these are just as good as any hardcoded value, and this way we don't have uncommited changes on our test server) 2012-07-11 06:14:25 +00:00
Eric Wustrow
e336d2cb0e use hashlib/hmac instead of Crypto 2012-07-10 23:36:23 -04:00
Seth Schoen
83d246bc7f correctly interpret challtime and challtype as ints 2012-07-10 18:51:58 -07:00
Seth Schoen
0a56d7fd60 add debug prints; actually check whether issuance succeeded 2012-07-10 18:34:32 -07:00
Seth Schoen
b1bc65b082 also deploy demoCA to server 2012-07-10 18:34:23 -07:00
Seth Schoen
07792d6fd0 rename verify_sni_challenge.py for shorter import 2012-07-10 18:33:38 -07:00
Peter Eckersley
d1c2572a03 Merge branch 'master' of github.com:research/chocolate 2012-07-10 18:04:40 -07:00
Peter Eckersley
2f8de2efab Add m3crypto as a submodule 2012-07-10 18:04:18 -07:00
Seth Schoen
2f35f39797 deploy and build sni_challenge code on Chocolate server 2012-07-10 17:01:32 -07:00
Seth Schoen
2a514f5166 adjust daemon to use sni_challenge package 2012-07-10 16:59:04 -07:00
Seth Schoen
208ded9d02 make this a Python package that can be imported 2012-07-10 16:48:36 -07:00
James Kasten
e1bbcd04b7 changed format for perform_sni_challenge to [(addr, y, nonce, ext)], csr, key 2012-07-10 17:27:26 -04:00
James Kasten
87918f6124 added in code to catch SSL connection failures 2012-07-10 17:06:26 -04:00
James Kasten
6ac9d358af minor postConnectionCheck fix 2012-07-10 17:00:59 -04:00
James Kasten
662e935bdf removed postConnectionCheck 2012-07-10 16:46:38 -04:00
James Kasten
ec33d2be6e Merge branch 'master' of github.com:research/chocolate 2012-07-10 16:20:18 -04:00
James Kasten
cd7b849366 Fixed conference call bug, made challenge servers only accessible by SNI name 2012-07-10 16:17:10 -04:00
James Kasten
b8c3856dfd Changed extension conf to critical 2012-07-10 15:43:49 -04:00
Seth Schoen
3f03dc4e5c implement dvsni challenge checking 2012-07-10 00:25:11 -07:00
Seth Schoen
cfc4cbaae3 remove disused debug flag in protocol 2012-07-09 22:33:02 -07:00
Seth Schoen
ee9343469f more explicit clarification about concurrency 2012-07-09 22:23:44 -07:00
Seth Schoen
1f45a4cfe5 enforce some protocol sanity checks 2012-07-09 22:22:20 -07:00
James Kasten
a3435b7982 added ability for concurrent sni challenges, made choc ext critical, allows variable oid 2012-07-09 07:59:30 -04:00
Seth Schoen
ac3441a972 changes to make CSR.issue() successfully issue certs 2012-07-09 00:01:19 -07:00