mirror of
https://github.com/certbot/certbot.git
synced 2026-04-03 08:04:57 -04:00
84eb5058c6
(they're scarier than I thought, and a bit dangerous in Web and maybe Windows shell contexts) |
||
|---|---|---|
| .. | ||
| blacklisting | ||
| demoCA | ||
| sni_challenge | ||
| .gitignore | ||
| blacklists.py | ||
| CA.sh | ||
| chocolate.py | ||
| chocolate_protocol.proto | ||
| clear-db.py | ||
| CONFIG.py | ||
| CSR.py | ||
| daemon.py | ||
| hashcash.py | ||
| Makefile | ||
| README | ||
| REDIS | ||
| redis_lock.py | ||
In this directory is a reference CA implementation of the Chocolate protocol,
DV and signing mechanism.
Instead of using "make deploy", we're currently using git pull to deploy this.
This requires restarting lighttpd on the server and ensuring that Redis and
a copy of daemon.py are running there. If the .proto definition has
changed, it also needs to be recompiled on both the server and the client.
chocolate.py - server-side, requires web.py (python-webpy),
PyCrypto (python-crypto) 2.3 (not 2.1!!), redis, python-redis,
python-protobuf, "M3Crypto" (from our own tree) (hence also
build-essential, python-dev, and swig)
probably wants to run under a web server like lighttpd with fastcgi
chocolate_protocol.proto - protocol definition; needs protobuf-compiler
sni_challenge -
Assumes Apache server with name based virtual hosts is running
(for intended address).
Call perform_sni_cert_challenge(address, r, nonce) to verify the
server.
Example code is given in main method
Right now requires full path specification of CSR/KEY in the Global
Variables (how should this be specified?)
requires python-socksipy, tor