Seth Schoen
f212aa207c
fix typo on format string
2012-08-13 00:55:36 -07:00
Seth Schoen
41b59fbc91
improving logging again
2012-08-13 00:52:31 -07:00
Seth Schoen
2d1ca6bf6f
show what names the cert was issued for
2012-08-13 00:47:48 -07:00
Seth Schoen
4847670654
even nicer logging :-)
2012-08-13 00:42:06 -07:00
Seth Schoen
57a48d1c1d
balance parens
2012-08-13 00:38:38 -07:00
Seth Schoen
ae0e4a422a
try to failure reason textual instead of numeric
2012-08-13 00:36:32 -07:00
Seth Schoen
d03bc6f8ea
add space after comma for prettier logs
2012-08-13 00:25:57 -07:00
Seth Schoen
6e897496b3
use pubsub for logging!
2012-08-13 00:16:38 -07:00
Seth Schoen
34e3e27a6e
use abbreviated session IDs in logging for readability
2012-08-12 23:42:24 -07:00
Seth Schoen
036e7f3bed
fix typo
2012-08-12 23:32:47 -07:00
Seth Schoen
4a892b0e02
more logging including client IP address
2012-08-12 23:31:32 -07:00
Seth Schoen
8cda7066b4
make logging clearer to read
2012-08-12 23:22:35 -07:00
Seth Schoen
24f4e065e5
lowercase names and remove duplicates
2012-08-12 18:49:26 -07:00
Seth Schoen
d10434974a
check wildcards in Observatory
2012-08-12 18:32:16 -07:00
Faidon Liambotis
b8d3aab7a5
Move protocol and client into Python modules
...
Shuffle files around in an initial attempt of creating trustify,
trustify.protocol and trustify.client Python modules. The reference
implementation of the server remains where it was for now.
2012-08-12 07:49:45 +03:00
Seth Schoen
8b082f9fde
evidently, current best practice is to include ALL DNS names, including the primary name, as SANs
2012-08-10 16:26:25 -07:00
Seth Schoen
12ef7489ec
output the name that we're doing the test for
2012-08-10 10:41:29 -07:00
Seth Schoen
f3d1b4b996
fix logic to not test ancientness of nonexistent sessions
2012-08-10 10:18:35 -07:00
Seth Schoen
f449f538dd
upstream changed API :-)
2012-08-09 17:41:38 -07:00
Seth Schoen
c9cc928dc4
implement Observatory blacklist
2012-08-09 14:20:18 -07:00
Seth Schoen
c6453513b6
switch to Peter's round-robin scheduling approach
2012-08-08 17:30:44 -07:00
James Kasten
c1e3da6395
Merge branch 'master' of github.com:research/chocolate
2012-08-08 17:02:38 -04:00
James Kasten
0bd5bf57d5
Added check to see if certificate exists
2012-08-08 17:01:54 -04:00
Seth Schoen
c4c8bd04f9
argh, ugly hack for problem of stale requests poisoning queues
2012-08-08 13:41:15 -07:00
Peter Eckersley
84eb5058c6
Disable raw IPv6 addresses by default
...
(they're scarier than I thought, and a bit dangerous in Web and maybe Windows
shell contexts)
2012-08-06 15:27:05 -07:00
James Kasten
fc56a875d0
Added code to auto-configure the Apache server for SNI challenges
2012-08-01 19:31:21 -04:00
James Kasten
91907b1264
Slight update to README
2012-08-01 14:23:25 -04:00
Seth Schoen
c75f154bd6
have daemon send a pubsub message to itself to achieve prompt clean shutdowns
2012-07-20 23:54:58 -07:00
Seth Schoen
7ee2b9ef21
note priority inversion bug is now somewhat less severe
2012-07-20 18:47:29 -07:00
Seth Schoen
2ba0eae5d6
support for distributing certificate chain file
2012-07-20 18:37:47 -07:00
Seth Schoen
cb5922edd8
switch to pubsub mechanism instead of polling
2012-07-20 16:48:10 -07:00
Seth Schoen
d02883ca38
add field for certificate chain
2012-07-20 16:43:42 -07:00
Seth Schoen
8db37e5501
add cert_chain_file config option
2012-07-20 16:43:18 -07:00
Seth Schoen
06357addf0
min_key_size → min_keysize
2012-07-19 23:22:52 -07:00
Seth Schoen
90f4b4daeb
move configuration parameters into config file; add extra sanity checks
2012-07-19 23:19:39 -07:00
Seth Schoen
6f5d15cddf
whoops, the past is the past, not the future
2012-07-18 22:28:41 -07:00
Seth Schoen
c117582ece
drop privileges and use external hashcash binary again
2012-07-18 22:25:23 -07:00
Seth Schoen
1e17b222ab
document priority inversion bug
2012-07-18 19:38:00 -07:00
Seth Schoen
707dedbd9b
add verification probe via Tor
2012-07-18 18:43:23 -07:00
Seth Schoen
bb0c4bf316
notes on future blacklist import speedups
2012-07-18 17:08:35 -07:00
Seth Schoen
df97026c72
Python hashcash minting is slow, so only generate 20 bits for now
2012-07-18 15:07:17 -07:00
Eric Wustrow
4b5ba56a2d
check expiry in hashcash
2012-07-17 22:51:53 -04:00
Eric Wustrow
cf45b233f7
sorry, this one adds the previous commit about hashcash being dangerous...previous adds a symlink so clients can use it...grrr git is a mess within a mess
2012-07-17 21:11:38 -04:00
Seth Schoen
e857154682
updated modulus blacklisting stuff
2012-07-17 00:33:45 -07:00
Seth Schoen
1b88b67544
use C language hashcash program to generate cash from client
2012-07-16 19:25:27 -07:00
Seth Schoen
ac0defac00
remove client-side dependency on CSR.py
2012-07-16 15:11:10 -07:00
Seth Schoen
e70424dd4a
database-backed blacklisting of moduli and names
2012-07-16 15:02:07 -07:00
Seth Schoen
acd5a77fc3
make the process faster by reducing delay times
2012-07-15 16:37:39 -07:00
Seth Schoen
f07275a99d
another comment on locking
2012-07-15 16:33:23 -07:00
Seth Schoen
ad71e39d31
simplify by removing hashes of random numbers
...
There may be circumstances where hashing random numbers might be
useful, but in order to justify it we would need to know something
about the generator that provides them. However, checking with
strace shows that the CSPRNG in Crypto.Random may not reseed its
entropy enough, so we might ultimately want to use a different one.
It only reseeds 8 bytes per call even if you read megabytes of
random numbers from it!
2012-07-15 16:16:28 -07:00