alexvanin/lego
1
0
Fork 0
forked from TrueCloudLab/lego
Code Pull requests Activity

refactor: clean residual TLS challenge data.

Browse source
This commit is contained in:
Fernandez Ludovic 2018-05-28 13:29:40 +02:00 committed by Ludovic Fernandez
parent ff6a346e5a
commit 1f0c69adc5
3 changed files with 4 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -37,7 +37,6 @@ yaourt -S lego-git
- Revoke certificates - Revoke certificates
- Robust implementation of all ACME challenges - Robust implementation of all ACME challenges
- HTTP (http-01) - HTTP (http-01)
- TLS with Server Name Indication (tls-sni-01)
- DNS (dns-01) - DNS (dns-01)
- SAN certificate support - SAN certificate support
- Comes with multiple optional [DNS providers](https://github.com/xenolf/lego/tree/master/providers/dns) - Comes with multiple optional [DNS providers](https://github.com/xenolf/lego/tree/master/providers/dns)
@ -100,15 +99,14 @@ GLOBAL OPTIONS:
--accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. --accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
--key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384 (default: "rsa2048") --key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384 (default: "rsa2048")
--path value Directory to use for storing the data (default: "/.lego") --path value Directory to use for storing the data (default: "/.lego")
--exclude value, -x value Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01". --exclude value, -x value Explicitly disallow solvers by name from being used. Solvers: "http-01", "dns-01",.
--webroot value Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge --webroot value Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge
--memcached-host value Set the memcached host(s) to use for HTTP based challenges. Challenges will be written to all specified hosts. --memcached-host value Set the memcached host(s) to use for HTTP based challenges. Challenges will be written to all specified hosts.
--http value Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port --http value Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port
--tls value Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
--dns value Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage. --dns value Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage.
--http-timeout value Set the HTTP timeout value to a specific value in seconds. The default is 10 seconds. (default: 0) --http-timeout value Set the HTTP timeout value to a specific value in seconds. The default is 10 seconds. (default: 0)
--dns-timeout value Set the DNS timeout value to a specific value in seconds. The default is 10 seconds. (default: 0) --dns-timeout value Set the DNS timeout value to a specific value in seconds. The default is 10 seconds. (default: 0)
--dns-resolvers value Set the resolvers to use for performing recursive DNS queries. Supported: host:port. The default is to use Google's DNS resolvers. --dns-resolvers value Set the resolvers to use for performing recursive DNS queries. Supported: host:port. The default is to use the system resolvers, or Google's DNS resolvers if the system's cannot be determined.
--pem Generate a .pem file by concatanating the .key and .crt files together. --pem Generate a .pem file by concatanating the .key and .crt files together.
--help, -h show help --help, -h show help
--version, -v print the version --version, -v print the version
@ -145,7 +143,7 @@ Obtain a certificate using the DNS challenge and AWS Route 53:
$ AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego --email="foo@bar.com" --domains="example.com" --dns="route53" run $ AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego --email="foo@bar.com" --domains="example.com" --dns="route53" run
``` ```
Note that `--dns=foo` implies `--exclude=http-01` and `--exclude=tls-sni-01`. lego will not attempt other challenges if you've told it to use DNS instead. Note that `--dns=foo` implies `--exclude=http-01`. lego will not attempt other challenges if you've told it to use DNS instead.
Obtain a certificate given a certificate signing request (CSR) generated by something else: Obtain a certificate given a certificate signing request (CSR) generated by something else:

14
acme/client_test.go
View file

@ -103,20 +103,6 @@ func TestClientOptPort(t *testing.T) {
t.Errorf("Expected http-01 to have iface %s but was %s", optHost, got) t.Errorf("Expected http-01 to have iface %s but was %s", optHost, got)
} }
/* httpsSolver, ok := client.solvers[TLSSNI01].(*tlsSNIChallenge)
if !ok {
t.Fatal("Expected tls-sni-01 solver to be httpChallenge type")
}
if httpsSolver.jws != client.jws {
t.Error("Expected tls-sni-01 to have same jws as client")
}
if got := httpsSolver.provider.(*TLSProviderServer).port; got != optPort {
t.Errorf("Expected tls-sni-01 to have port %s but was %s", optPort, got)
}
if got := httpsSolver.provider.(*TLSProviderServer).iface; got != optHost {
t.Errorf("Expected tls-sni-01 to have port %s but was %s", optHost, got)
} */
// test setting different host // test setting different host
optHost = "127.0.0.1" optHost = "127.0.0.1"
client.SetHTTPAddress(net.JoinHostPort(optHost, optPort)) client.SetHTTPAddress(net.JoinHostPort(optHost, optPort))

2
cli.go
View file

@ -141,7 +141,7 @@ func main() {
}, },
cli.StringSliceFlag{ cli.StringSliceFlag{
Name: "exclude, x", Name: "exclude, x",
Usage: "Explicitly disallow solvers by name from being used. Solvers: \"http-01\", \"tls-sni-01\", \"dns-01\",.", Usage: "Explicitly disallow solvers by name from being used. Solvers: \"http-01\", \"dns-01\".",
}, },
cli.StringFlag{ cli.StringFlag{
Name: "webroot", Name: "webroot",