10392 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Seth Schoen	6d3ca7c94c	work towards one request per session	2012-06-27 17:16:07 -07:00
James Kasten	abb4673fd8	Adding sni_challenge verification	2012-06-26 20:01:52 -04:00
Peter Eckersley	deb9ce0a4e	These (initially empty) directories are necessary for correct CA operation?	2012-06-19 15:09:04 -07:00
James Kasten	16b1128c4a	minor fixes and now using crypto random	2012-06-19 15:28:56 -04:00
James Kasten	626695a85e	added basic sni/cert challenge for the webserver	2012-06-19 13:24:55 -04:00
Seth Schoen	689928b1d3	note protobuf dependency	2012-06-06 14:10:44 -07:00
Seth Schoen	c3af316c60	attempt to handle multiple signing requests per message and check for duplicate nonces	2012-06-02 00:28:59 -07:00
Seth Schoen	bcd4168b1f	let's check for duplicate request nonces from the client	2012-06-02 00:01:35 -07:00
Seth Schoen	7c3e656a9a	note dependency on redis	2012-06-01 23:57:32 -07:00
Seth Schoen	726da5c7f9	use redis instead of shelve; new session class instead of sessionstore	2012-06-01 23:55:59 -07:00
Seth Schoen	1b6ffaecc2	add two notes	2012-06-01 00:05:10 -07:00
Seth Schoen	4e93c24e49	actually randomized client nonce	2012-05-31 20:29:04 -07:00
Seth Schoen	50f78b8afb	check goodness of cn field	2012-05-31 20:10:46 -07:00
Seth Schoen	f0e044a555	by default, we can sign names	2012-05-31 20:09:03 -07:00
Seth Schoen	208c5a178d	more helpful functions to help you make a valid request	2012-05-31 19:53:00 -07:00
Seth Schoen	be17482a6a	field validation; die; validate requests!	2012-05-31 19:52:34 -07:00
Seth Schoen	a03af3e6ba	argh different versions of OpenSSL format this message totally differently!	2012-05-31 19:51:42 -07:00
Seth Schoen	7d21c1f9bb	sig is bytes (8-bit clean); timestamp is int64	2012-05-31 19:48:56 -07:00
Seth Schoen	5d330bf2c4	implement subject and cn functions; separate "goodkey" for csr and key	2012-05-31 18:11:28 -07:00
Seth Schoen	f62db4d807	implement everything except cn, san, and issue	2012-05-31 16:48:36 -07:00
Seth Schoen	622b92ef89	Merge branch 'master' of ssh://github.com/research/chocolate	2012-05-31 15:45:13 -07:00
Peter Eckersley	4fee71d647	A toy CA we can mess about with	2012-05-31 15:23:19 -07:00
Seth Schoen	ee2e183834	actually timestamp is an integer, not string	2012-05-31 15:06:13 -07:00
Seth Schoen	7aceaba6f0	some reorganization and a start toward processing requests	2012-05-31 13:22:33 -07:00
Seth Schoen	da47a260bc	add make_request() to help prepare signing requests	2012-05-31 13:22:15 -07:00
Seth Schoen	14d73231c0	add CSR.py	2012-05-31 13:22:05 -07:00
Seth Schoen	d178377b6f	import tempfile	2012-05-31 12:42:22 -07:00
Seth Schoen	d244412d94	notion of can_sign()	2012-05-31 12:34:47 -07:00
Seth Schoen	7c9d46dba5	now there will be lots of .pyc files	2012-05-31 12:30:30 -07:00
Seth Schoen	966e3a591f	we are going to need to use OpenSSL for a lot of stuff	2012-05-31 12:30:02 -07:00
Seth Schoen	64786a0563	we need to think more about multiplicity!	2012-05-31 12:02:48 -07:00
Seth Schoen	ff1fd81679	successful timeout and failure of sessions	2012-05-30 17:38:48 -07:00
Seth Schoen	25c41b655e	ExistingCertificate failure type	2012-05-29 17:17:32 -07:00
Seth Schoen	e243bb6bdf	session creation and (super-non-concurrency friendly) tracking	2012-05-29 17:15:28 -07:00
Seth Schoen	bf157ecd5d	add session identifiers	2012-05-29 17:14:08 -07:00
Seth Schoen	218423f909	but set text/plain in debug mode	2012-05-28 11:09:19 -07:00
Seth Schoen	c607c0adbf	send application/x-protobuf instead of text/html	2012-05-28 11:04:23 -07:00
Seth Schoen	9ab1d41ea5	signing requests should be relative to a specified CA	2012-05-27 23:50:14 -07:00
Seth Schoen	b70d4c8215	initial checkin of client and server that can talk to each other!	2012-05-27 23:14:55 -07:00
Seth Schoen	6dcfdcecda	making sure that I can push to this repository	2012-05-27 22:50:27 -07:00
Peter Eckersley	820e3f035e	Docs	2012-05-17 13:08:39 -07:00
Peter Eckersley	a07e36e1d1	Create some directory structure.	2012-05-17 11:50:10 -07:00