Commit graph

115 commits

Author SHA1 Message Date
xenolf
00af84d91b Close response body in getIssuerCertificate 2015-12-21 02:44:25 +01:00
xenolf
136cc73ff8 Move call to ObtainSANCertificate 2015-12-18 17:55:43 +01:00
xenolf
5930ea52f0 lib: make renew aware of SAN 2015-12-18 17:55:43 +01:00
xenolf
c13968859a tweak log messages a bit 2015-12-15 21:21:12 +01:00
xenolf
a23289899c Fix typo 2015-12-07 16:58:01 +01:00
xenolf
54e96f6fc5 Document that ObtainSANCertificate will never return a partial certificate on error. 2015-12-07 16:51:28 +01:00
Tommie Gannert
e32b9abfb2 Remove ObtainCertificates and rename ObtainSANCertificate to ObtainCertificate.
Also removes revokation abilities from RenewCertificate.

Makes the API more orthogonal. These things are not provided by the
ACME protocol, but were convenience helpers.
2015-12-05 22:07:12 +00:00
Tommie Gannert
71624f607a Replace exponential back-off in validate with Retry-After header.
Last paragraph of ACME spec, section 6.5:

  To check on the status of an authorization, the client sends a GET
  request to the authorization URI, and the server responds with the
  current authorization object.  In responding to poll requests while
  the validation is still in progress, the server MUST return a 202
  (Accepted) response with a Retry-After header field.
2015-12-05 21:32:53 +00:00
Tommie Gannert
b2c88d7a5d Make solvers configurable.
Allows selecting which solvers are available, and specifying options for them.
2015-12-05 21:01:08 +00:00
Tommie Gannert
039b7c50dc Use postJSON and getJSON wherever possible.
Encapsulates JSON marshalling.
2015-12-05 15:59:15 +00:00
Tommie Gannert
2dc2fdd1af Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 15:09:29 +00:00
Tommie Gannert
58a2fd2267 Split off validation function.
This is a loop that interacts with the ACME server, not the individual challenges.

Also switch to exponential back-off polling for good measure.
2015-12-05 11:52:24 +00:00
xenolf
22622438fd Implement TLS-SNI-01 to match Boulder. Not spec conform. 2015-11-22 19:31:16 +01:00
Matthew Holt
974f2fa929 Don't try appending /directory to caURL (spec doesn't require it)
Also improved some comments/docs and fixed a test
2015-11-20 12:01:06 -07:00
xenolf
f2389fda58 Remove simpleHTTP - Update README 2015-11-18 22:17:02 +01:00
xenolf
7662cbcec5 Merge pull request #30 from xenolf/add-san-cert
Add SAN certificates - fix #20
2015-11-18 22:07:54 +01:00
xenolf
f41ed4f9de Remove unneeded function 2015-11-18 21:41:27 +01:00
xenolf
caba7ddee7 Add comment to ObtainSANCertificate 2015-11-18 19:53:42 +01:00
xenolf
3be490f6cb Change how challenge order is preserved as suggested by @zakjan 2015-11-18 19:44:47 +01:00
xenolf
b9ba9e58b3 Return the right error 2015-11-17 23:07:13 +01:00
xenolf
6671fd137c Make sure the challenges do not get re-ordered for SAN certs 2015-11-17 22:22:25 +01:00
xenolf
c849ca1b90 If any challenge fails - return an error 2015-11-17 19:45:15 +01:00
xenolf
83dc16fa5e Add the http-01 challenge to the list of solvers 2015-11-12 22:32:27 +01:00
xenolf
3409740d33 Fix nonce starvation bug in SimpleHTTP - fix tests 2015-11-12 02:55:28 +01:00
xenolf
b958bd2da4 Make the CA URL accept /directory. #23 2015-11-11 13:51:03 +01:00
xenolf
27a8cff3c6 Initial support for SAN certificates 2015-11-11 01:01:15 +01:00
Matthew Holt
10f2b59add Removed unused functions, more consistent/readable debugging 2015-11-06 23:22:32 -07:00
Matthew Holt
6f9e487d7d Make acme.Logger optional; otherwise use standard log.Logger
Also fixed lil' vet warning
2015-11-05 23:43:42 -07:00
xenolf
a2867a0c18 Add TOSError and change ObtainCertificates to return errors by domain. 2015-11-02 01:01:00 +01:00
xenolf
ee2c7f3ad7 Library support for optional email 2015-10-31 00:12:12 +01:00
xenolf
3842dc6432 Forward server error messages to the caller
Fixes #18.
2015-10-29 01:42:05 +01:00
Matthew Holt
56d50cebd8 Replaced fatal with print; return errors from NewClient 2015-10-27 17:00:42 -06:00
xenolf
8b16d59831 Remove devMode from library and cli. 2015-10-26 00:47:37 +01:00
xenolf
8d31bb0123 Remove challenge pre-checks.
We won't ever be able to do this properly for all possible scenarios.
2015-10-26 00:40:11 +01:00
xenolf
537a0b74fd Update client.go 2015-10-25 23:37:26 +01:00
xenolf
2afea79309 Fix cert bundle order 2015-10-24 04:31:12 +02:00
xenolf
51a95ee548 Add initial support for certificate bundling 2015-10-24 03:55:18 +02:00
xenolf
4d99c9e543 Support for RecoveryKey (not enabled). But not supported server side... 2015-10-23 16:24:02 +02:00
xenolf
3ddf33c8c3 Change name of AgreeToTos to AgreeToTOS.
According to https://github.com/golang/go/wiki/CodeReviewComments#initialisms
2015-10-23 10:17:51 +02:00
Matthew Holt
5efb56a1d4 Fix file descriptor leaks 2015-10-21 22:16:36 -06:00
xenolf
e74d5d4586 Make cert revocation on renewal optional. Also change signature of renew. 2015-10-19 03:20:41 +02:00
xenolf
0cd31861d3 Implement renewal. Fixes #7 2015-10-19 00:42:04 +02:00
xenolf
10b0192255 Fix goroutine leak.
Fixes #10
Tired coding is bad for you, mkay?
2015-10-18 17:27:59 +02:00
xenolf
7f6f790253 Wrap []byte for DER certificates in its own type. 2015-10-18 03:29:26 +02:00
xenolf
dcdcde03aa Certificates are PEM encoded by default now 2015-10-18 03:10:46 +02:00
xenolf
caa6e78289 Clean some stuff up and refactor getCerts for some concurrency. 2015-10-18 02:16:15 +02:00
xenolf
b49f37d920 Add a dev flag for skipping challenge pre-checks 2015-10-18 01:57:46 +02:00
xenolf
b3035b16b5 Support for cert revocation 2015-09-27 14:51:44 +02:00
xenolf
e5f6f4c4a3 Changed the client to pull the urls down from the directory on the CA server.
CA Url now needs to point to the root of the CA
2015-09-26 22:59:16 +02:00
xenolf
37b20117bf Update everything to work with the latest boulder updates. 2015-09-26 19:45:52 +02:00
xenolf
98e23bab07 Make solvers private + remove random from crypto tests 2015-06-14 02:33:21 +02:00
xenolf
fcd0fba9c7 Add a basic execution check to SimpleHTTP 2015-06-13 18:37:30 +02:00
xenolf
6ca96fc99d More comments 2015-06-13 04:50:36 +02:00
xenolf
1ceebb72a2 Add Authorizations to CSR request message 2015-06-13 04:10:32 +02:00
xenolf
a2d9bf4cc3 Initial version of the SimpleHTTPS challenge 2015-06-13 03:55:53 +02:00
xenolf
8f992218b9 Allow the user to override the challenge port. Enables running as non-root. 2015-06-13 00:16:49 +02:00
xenolf
84c2bceade Add initial implementation for challenge choosing 2015-06-12 00:15:13 +02:00
xenolf
2b99a75aff Change solver interface definition 2015-06-12 00:14:33 +02:00
xenolf
e600438aeb Extract JWS to its own struct 2015-06-12 00:13:43 +02:00
xenolf
bcdc00add6 change solver.solve definition 2015-06-11 16:09:53 +02:00
xenolf
7f7e96097b Rename challengeHandler to solver 2015-06-11 15:31:09 +02:00
xenolf
811c68692c Add solvers to client 2015-06-11 01:11:14 +02:00
xenolf
a09886b577 Add challengeHandler interface 2015-06-10 15:11:01 +02:00
xenolf
7aab5562c1 Move CLI handlers to their own file
Implement Tos accept and start obtain certificates
2015-06-08 23:54:15 +02:00
xenolf
ea47f1137a Base implementation with registration support 2015-06-08 02:36:07 +02:00