Commit graph

9 commits

Author SHA1 Message Date
Matthew Holt
971541dc0a Use http client with timeout of 10s
This will prevent indefinitely-hanging requests in case some service or middle box is malfunctioning.

Fix vet errors and lint warnings

Add vet to CI check

Only get issuer certificate if it would be used

No need to make a GET request if the OCSP server is not specified in leaf certificate

Fix CI tests

Make tests verbose
2016-02-14 14:33:54 -07:00
xenolf
ba64faa4e1 Merge pull request #116 from janeczku/dns-check
Refactor DNS check
2016-02-11 02:50:28 +01:00
Jan Broer
c97b5a52a1 Refactor DNS check
* Gets a list of all authoritative nameservers by looking up the NS RRs for the root domain (zone apex)
* Verifies that the expected TXT record exists on all nameservers before sending off the challenge to ACME server
2016-02-09 05:23:58 +01:00
Will Glynn
13e01e1751 Add support for additional AWS authentication sources
AWS client tools commonly support passing credentials via
`AWS_ACCESS_KEY_ID` + `AWS_SECRET_ACCESS_KEY`, but supporting only this is
insufficient. For example, access key IDs provided by STS require passing in
`AWS_SECURITY_TOKEN` as a third value, and EC2 instances are often provided
dynamic credentials at runtime via the EC2 metadata service.

This changeset makes `lego` attempt to find credentials in the same way that
the `aws` CLI tool attempts to find credentials. The result is even less
auth code than before because `goamz` provides all this with `aws.GetAuth()`.
2016-02-06 18:38:40 -06:00
Jan Broer
bae7428c08 Fixes issues with the Present() method of Route53 provider:
- InvalidTXTRDATA error when creating TXT record (closes #94)
- Present() should poll and wait until the status of the record change becomes INSYNC (thanks @oov)

Adds a retry/timeout utility function to dns_challenge.go that may be used in other places
2016-02-04 00:34:52 +01:00
Jehiah Czebotar
617dd4d37c Refactor challenge providers to new ChallengeProvider interface
* new ChallengeProvider with Present and CleanUp methods
* new Challenge type describing `http-01`, `tls-sni-01`, `dns-01`
* new client.SetChallengeProvider to support custom implementations
2016-01-24 16:10:50 -05:00
Jan Broer
323bb88640 Fetch remaining zones when response is truncated.
Route53 API won’t return more than 100 zones per request.
2016-01-22 18:50:18 +01:00
xenolf
50be32a69e Change maximum zone number requested from Route53 to Math.MaxInt32 from MaxInt64.
Fixes #79.
2016-01-22 18:18:53 +01:00
Jan Broer
666698cea3 Modular DNS challenge
- Manual provider
- Dynamic DNS Update provider (RFC2136)
- Route53 provider
- CloudFlare provider
2015-12-10 18:35:35 +01:00