Pauline Middelink
4945919c69
- Moved findZone from rfc2136 to dns_challenge.go and renamed to findZoneByFqdn
...
- Reworked the code in dns_challenge.go to not assume nameserver is
port-less or defaults to 53. (messes up testing)
- Updated nameserver test to clear the fqdn2zone cache and return a dummy
SOA RR to make initial findZoneByFqdn call happy.
- Used publicsuffix library to determine if the "authorative" zone we found
is a public registry, in that case error out. (Also used by boulder btw)
2016-02-28 21:09:05 +01:00
Pauline Middelink
bc5c3b53e1
Merge remote-tracking branch 'upstream/master' into issue-140-multi-zone-certs
...
Conflicts solved:
README.md
cli.go
2016-02-28 15:42:09 +01:00
xenolf
e316284682
Merge pull request #139 from middelink/master
...
Some small textual fixes and adding a flag to supress bundle creation.
2016-02-28 07:10:08 +01:00
Pauline Middelink
e772779caf
Fix for issue/140:
...
- Removal of RFC2136_ZONE from help text
- Query nameserver directly to find zone we have to update
- During insert, make sure the new record is the ONLY challence.
(I had a few panics, hence 3 challences left. Not good.)
2016-02-28 01:08:59 +01:00
Pauline Middelink
b5e0b91c05
Merge remote-tracking branch 'upstream/master'
2016-02-27 17:47:25 +01:00
Pauline Middelink
3b56b5a3e2
As per request, renamed nobundle to no-bundle to be more in line with the other multi word switches.
2016-02-27 10:46:13 +01:00
xenolf
fcd05ae397
Merge pull request #130 from xenolf/add-ecc-support
...
Add EC support
2016-02-27 03:38:12 +01:00
Pauline Middelink
96762fa6ba
Add --nobundle flag to supress the default creation of certificate bundle.
2016-02-26 02:57:16 +01:00
Pauline Middelink
6b0be6de61
Update help+README for missing RFC2136_TSIG_ALGORITHM environment setting.
2016-02-26 02:56:17 +01:00
Pauline Middelink
ec18e5ce07
Unneeded assignment
2016-02-26 02:52:13 +01:00
xenolf
da7dd0f7b8
Remove no longer needed crypto function. ACME spec no longer requires this.
2016-02-21 04:31:02 +01:00
xenolf
c9e1d0a482
Remove keyBits from tests, use keyType instead.
2016-02-21 04:22:03 +01:00
xenolf
a61e41c90e
Fix typo in the constant for the P384 curve.
2016-02-21 04:18:45 +01:00
xenolf
d46b0db199
Fix missing return in loadPrivateKey
2016-02-21 04:18:45 +01:00
xenolf
1f777a0d77
Adapt tests to EC changes
2016-02-21 04:18:45 +01:00
xenolf
0e26bb45ca
Add support for EC certificates / account keys
2016-02-21 04:18:45 +01:00
xenolf
f203a8e336
Fix wrong variables being used in DNSimple test.
2016-02-21 04:14:32 +01:00
xenolf
a4d8c0e6b9
Fix a couple of misspelled words and lint errors.
2016-02-15 03:59:43 +01:00
xenolf
416a63120e
Introduce --agree-tos switch. Fixes #128
2016-02-15 03:51:59 +01:00
xenolf
9fef872cac
Merge pull request #138 from xi2/improve-cli-error-messages
...
CLI: Give helpful error message if --http/--tls is given without colon
2016-02-20 01:43:04 +01:00
Michael Cross
c3abd54dc7
CLI: Give helpful error message if --http/--tls is given without colon
...
Fixes #134
2016-02-20 00:35:47 +00:00
xenolf
7dcfb4a92b
Merge pull request #136 from xi2/fix-handling-of-cnames
...
DNS Challenge: Fix handling of CNAMEs
2016-02-20 01:24:12 +01:00
Michael Cross
06b3802346
DNS Challenge: Fix handling of CNAMEs
...
Prior to this commit, the checkDNSPropagation function was exiting
early if the TXT record could not be found on the recursive
nameserver, and thus the authoritative nameservers were not being
queried until after the record showed up on the recursive nameserver
causing a delay.
This commit changes that behaviour so that the authoritative
nameservers are queried on each execution of checkDNSPropagation when
possible.
2016-02-19 21:44:35 +00:00
xenolf
d17982745f
Merge pull request #137 from xi2/fix-TestCheckAuthoritativeNss-failure-report
...
Fix TestCheckAuthoritativeNss failure report
2016-02-19 18:25:45 +01:00
xenolf
dea896da28
Merge pull request #132 from janeczku/cloudflare-newlib
...
Refactor CloudFlare DNS provider to have no 3rd party dependencies
2016-02-19 18:18:51 +01:00
Michael Cross
fc64f8b99d
DNS Challenge: Fix TestCheckAuthoritativeNss failure report
2016-02-19 10:24:39 +00:00
Jan Broer
453a3d6b3f
Declare own HTTP client
2016-02-18 20:41:27 +01:00
Jan Broer
93cfae053a
Use custom lego user-agent in requests
2016-02-16 18:38:51 +01:00
Jan Broer
d03fb496c0
Refactor CloudFlare provider to have no 3rd party dependencies
2016-02-16 15:50:24 +01:00
xenolf
9900bf675a
Merge pull request #131 from xi2/master
...
Fix small typos in error messages
2016-02-15 18:00:06 +01:00
Michael Cross
78c36ef846
Fix small typos in error messages
2016-02-15 14:18:31 +00:00
xenolf
f1a1e081c8
Merge pull request #127 from xenolf/tweaks
...
Add go vet to the CI checks, fix vet errors and set default HTTP timeout to 10 seconds.
2016-02-15 00:02:11 +01:00
Matthew Holt
971541dc0a
Use http client with timeout of 10s
...
This will prevent indefinitely-hanging requests in case some service or middle box is malfunctioning.
Fix vet errors and lint warnings
Add vet to CI check
Only get issuer certificate if it would be used
No need to make a GET request if the OCSP server is not specified in leaf certificate
Fix CI tests
Make tests verbose
2016-02-14 14:33:54 -07:00
xenolf
a44384f52f
Fix tests for new naming.
2016-02-14 22:07:27 +01:00
xenolf
21de29e902
Take the magic out of defaulting to the Server implementations of HTTP-01 and TLS-SNI-01
2016-02-14 16:57:06 +01:00
xenolf
7475e7f9c2
Move the HTTP-01 and TLS-SNI-01 default solvers to a more unified layout.
...
Made the solvers exported and added New... functions to them.
2016-02-14 16:56:14 +01:00
xenolf
00f13f2da0
Merge pull request #123 from willglynn/dns_provider_implies_dns_challenge
...
--dns=foo means we specifically intend to fulfill a DNS challenge
2016-02-14 02:01:21 +01:00
Will Glynn
3bceed427a
Make the --dns help message more explicit about disabling challenges
2016-02-13 18:42:47 -06:00
Will Glynn
030ba6877a
Document that --dns=provider specifically selects the DNS challenge
2016-02-13 18:31:04 -06:00
Will Glynn
fdc05d2942
--dns=foo means we specifically intend to fulfill a DNS challenge
2016-02-13 18:24:52 -06:00
xenolf
48cf387dd5
Run tests with multiple versions of go.
2016-02-14 01:03:40 +01:00
xenolf
bf66ac9e17
Resolve issue where the route53 tests would take 30secs to complete.
...
The default AWS HTTP client retries three times with a deadline of 10 seconds in order to fetch metadata from EC2. Replaced the default HTTP client with one that does not retry and has a low timeout.
2016-02-14 00:55:03 +01:00
xenolf
01ac49f59a
Merge pull request #101 from pkern/master
...
Allow to customize the TSIG algorithm and allow to omit the DNS port
2016-02-14 00:08:38 +01:00
Philipp Kern
f00f09f19c
Allow to specify RFC2136_NAMESERVER without the port.
...
Append the default DNS port if the nameserver specification does not
contain any.
2016-02-13 18:46:32 +01:00
Philipp Kern
b3d25a9a61
Allow to specify the TSIG algorithm for RFC2136 DNS-01 authentication.
...
Add a new environment variable RFC2136_TSIG_ALGORITHM that accepts the
TSIG algorithm pseudo-domain name. Let it default to
"hmac-md5.sig-alg.reg.int." if unset.
2016-02-13 18:46:28 +01:00
xenolf
f18ec353f1
Add CONTRIBUTING.md
2016-02-12 18:42:43 +01:00
xenolf
ba64faa4e1
Merge pull request #116 from janeczku/dns-check
...
Refactor DNS check
2016-02-11 02:50:28 +01:00
Jan Broer
b594acbc2a
Validation domain may be a CNAME or delegated to another NS
2016-02-10 16:56:50 +01:00
Jan Broer
c97b5a52a1
Refactor DNS check
...
* Gets a list of all authoritative nameservers by looking up the NS RRs for the root domain (zone apex)
* Verifies that the expected TXT record exists on all nameservers before sending off the challenge to ACME server
2016-02-09 05:23:58 +01:00
Matt Holt
0dc1b5b7bf
Merge pull request #113 from willglynn/mention_staging_endpoint
...
Mention the Let's Encrypt staging endpoint in the README
2016-02-08 15:04:02 -07:00