certbot

mirror of https://github.com/certbot/certbot.git synced 2026-01-26 07:41:33 +03:00

Files

orangepizza 52e207a404 add ip address support to certbot/acme lib (2021 ver) (#8904 )

* add ip address support to acme saving

* remove client-site check for ip address

* using right prefix for san parsing

* remove type hint for backward compatibility

* remove bare ip blocking check from main_test

* upppercase

* lint tix

* add additional tests for new IP support

* support for ipv6 bare address

* make apache and nginx plugin raise error for certs with ip address

* linting

* add pem file's last newline char

* gen_ss_cert ip support and comment fixup

* fix test coverage

* indent fix and assetTrue to assetIN

* indent mistake, made a note where class end

* acme lib now receive IPs as separate list

* fix typos

* type 2

* fix tests

* Deny IP address on certbot/certbot side as LE don't support it

* remove excess empty line to rerun tox

* comment indent and typo fix

Apply suggestions from code review

Co-authored-by: Brad Warren <bmw@users.noreply.github.com>

* trim unused functions

* trim unused import

* make raw san list extraction as separate function

* Apply suggestions from code review

mostly comment suggestions here

Co-authored-by: Brad Warren <bmw@users.noreply.github.com>

* apply patches suggested on review.

* remove excessive empty lines

* update CHANGELOG.md

* added acme lib update about ipaddress support in CHANGELOG.md

Co-authored-by: Brad Warren <bmw@users.noreply.github.com>

2021-08-27 06:47:01 -07:00

cert-100sans.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

cert-idnsans.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

cert-ipsans.pem

add ip address support to certbot/acme lib (2021 ver) (#8904 )

2021-08-27 06:47:01 -07:00

cert-ipv6sans.pem

add ip address support to certbot/acme lib (2021 ver) (#8904 )

2021-08-27 06:47:01 -07:00

cert-nocn.der

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

cert-san.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

cert.der

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

cert.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

critical-san.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

csr-6sans.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

csr-100sans.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

csr-idnsans.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

csr-ipsans.pem

add ip address support to certbot/acme lib (2021 ver) (#8904 )

2021-08-27 06:47:01 -07:00

csr-ipv6sans.pem

add ip address support to certbot/acme lib (2021 ver) (#8904 )

2021-08-27 06:47:01 -07:00

csr-mixed.pem

add ip address support to certbot/acme lib (2021 ver) (#8904 )

2021-08-27 06:47:01 -07:00

csr-nosans.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

csr-san.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

csr.der

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

csr.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

dsa512_key.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

README

Fix TLS-ALPN tests with newer versions of OpenSSL (#8026 )

2020-06-01 15:18:38 -07:00

rsa256_key.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

rsa512_key.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

rsa1024_cert.pem

Reimplement tls-alpn-01 in acme (#6886 )

2020-03-12 13:53:19 -07:00

rsa1024_key.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

rsa2048_cert.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

rsa2048_key.pem

Refactor tests out of packaged module for acme plugin (#7600 )

2019-11-26 15:25:41 -08:00

rsa4096_cert.pem

Fix TLS-ALPN tests with newer versions of OpenSSL (#8026 )

2020-06-01 15:18:38 -07:00

rsa4096_key.pem

Fix TLS-ALPN tests with newer versions of OpenSSL (#8026 )

2020-06-01 15:18:38 -07:00

README

In order for acme.test_util._guess_loader to work properly, make sure
to use appropriate extension for vector filenames: .pem for PEM and
.der for DER.

The following command has been used to generate test keys:

  for k in 256 512 1024 2048 4096; do openssl genrsa -out rsa${k}_key.pem $k; done

and for the CSR:

  openssl req -key rsa2048_key.pem -new -subj '/CN=example.com' -outform DER > csr.der

and for the certificates:

  openssl req -key rsa2048_key.pem -new -subj '/CN=example.com' -x509 -outform DER > cert.der
  openssl req -key rsa2048_key.pem -new -subj '/CN=example.com' -x509 > rsa2048_cert.pem
  openssl req -key rsa1024_key.pem -new -subj '/CN=example.com' -x509 > rsa1024_cert.pem