xenolf
32a29fd5ad
We have two solvers now
2015-11-22 19:33:26 +01:00
xenolf
775545e2bb
Add tests to TLS-SNI-01
2015-11-22 19:31:16 +01:00
xenolf
22622438fd
Implement TLS-SNI-01 to match Boulder. Not spec conform.
2015-11-22 19:31:16 +01:00
xenolf
e8d64bb50b
WIP TLS-SNI-01
...
[ci skip]
2015-11-22 19:31:16 +01:00
Matthew Holt
974f2fa929
Don't try appending /directory to caURL (spec doesn't require it)
...
Also improved some comments/docs and fixed a test
2015-11-20 12:01:06 -07:00
xenolf
f2389fda58
Remove simpleHTTP - Update README
2015-11-18 22:17:02 +01:00
xenolf
08680d8fcf
Properly name challenge types for http-01 tests
2015-11-18 22:11:47 +01:00
xenolf
7662cbcec5
Merge pull request #30 from xenolf/add-san-cert
...
Add SAN certificates - fix #20
2015-11-18 22:07:54 +01:00
xenolf
f41ed4f9de
Remove unneeded function
2015-11-18 21:41:27 +01:00
xenolf
a8c2a12871
Move back to square/go-jose (reverted from commit cae6d59e19
)
2015-11-18 21:15:49 +01:00
xenolf
cae6d59e19
Move back to square/go-jose
2015-11-18 21:06:45 +01:00
xenolf
caba7ddee7
Add comment to ObtainSANCertificate
2015-11-18 19:53:42 +01:00
xenolf
3be490f6cb
Change how challenge order is preserved as suggested by @zakjan
2015-11-18 19:44:47 +01:00
xenolf
b9ba9e58b3
Return the right error
2015-11-17 23:07:13 +01:00
xenolf
487c8763d5
Revert adding locks to jws - not in scope of this branch
2015-11-17 22:36:25 +01:00
xenolf
6671fd137c
Make sure the challenges do not get re-ordered for SAN certs
2015-11-17 22:22:25 +01:00
xenolf
c849ca1b90
If any challenge fails - return an error
2015-11-17 19:45:15 +01:00
xenolf
cce3d79fc9
Add DNS-01
2015-11-17 00:05:01 +01:00
xenolf
dd3d2d5668
Demote challenge lookup failures to infos
2015-11-17 00:05:01 +01:00
xenolf
17576f0626
Update README & Extract KeyAuthorizations from HTTP-01
2015-11-16 23:57:04 +01:00
Jan Zak
5f566d2e0c
Add JSON tags to RegistrationResource as used in official client
2015-11-13 20:20:15 +01:00
xenolf
9ee93e8428
Add tests for http-01
2015-11-12 23:51:07 +01:00
xenolf
f29debf702
Adjust client tests to new solver count
2015-11-12 22:51:12 +01:00
xenolf
94caca08d8
correctly fix go1.5 dependency
2015-11-12 22:49:02 +01:00
xenolf
87e9f08cfa
Replace code which needs go1.5
2015-11-12 22:33:00 +01:00
xenolf
83dc16fa5e
Add the http-01 challenge to the list of solvers
2015-11-12 22:32:27 +01:00
xenolf
ba66756d4e
Initial work on HTTP-01
2015-11-12 21:42:57 +01:00
xenolf
3409740d33
Fix nonce starvation bug in SimpleHTTP - fix tests
2015-11-12 02:55:28 +01:00
xenolf
998a8325aa
Move back to square/go-jose
2015-11-12 02:06:22 +01:00
xenolf
b958bd2da4
Make the CA URL accept /directory. #23
2015-11-11 13:51:03 +01:00
xenolf
27a8cff3c6
Initial support for SAN certificates
2015-11-11 01:01:15 +01:00
xenolf
f6576e8815
Add locking to JWS nonce store.
2015-11-11 01:00:20 +01:00
xenolf
7717294d9e
Add fallback to SimpleHTTP bind in case domain:port is not bindable.
2015-11-09 18:41:27 +01:00
Matthew Holt
10f2b59add
Removed unused functions, more consistent/readable debugging
2015-11-06 23:22:32 -07:00
Matthew Holt
6f9e487d7d
Make acme.Logger optional; otherwise use standard log.Logger
...
Also fixed lil' vet warning
2015-11-05 23:43:42 -07:00
Matthew Holt
71d0e8db6f
Bind to domain:port to solve simple HTTP
...
This way it doesn't conflict with other processes bound to 0.0.0.0 on the same port. Refactored tests to use 127.0.0.1 instead of a bogus domain, since it must resolve to localhost to pass.
2015-11-03 12:13:20 -07:00
xenolf
3e1a5dc04b
Add hooks to SimpleHTTP
2015-11-03 00:02:47 +01:00
xenolf
a2867a0c18
Add TOSError and change ObtainCertificates to return errors by domain.
2015-11-02 01:01:00 +01:00
xenolf
ee2c7f3ad7
Library support for optional email
2015-10-31 00:12:12 +01:00
Matthew Holt
2c24056374
Close leaky file descriptors
2015-10-30 15:38:59 -06:00
xenolf
38e66cf43a
Fix test regexp
2015-10-30 13:50:02 +01:00
xenolf
f91d853068
Fix test to also match on travis
2015-10-30 13:26:22 +01:00
xenolf
34fe2a5547
Re-organized SimpleHTTPTests and expanded them a bit
2015-10-30 13:13:34 +01:00
xenolf
fc08101f79
Add docs to error
2015-10-30 00:50:03 +01:00
Matthew Holt
f146acc019
fix panic for situation common with self-signed certs
2015-10-28 21:36:02 -06:00
xenolf
3842dc6432
Forward server error messages to the caller
...
Fixes #18 .
2015-10-29 01:42:05 +01:00
xenolf
cf288a3503
Change Content-Type of JWS posts.
...
Fixes #19 .
2015-10-28 23:42:57 +01:00
xenolf
6764e53bbe
Merge pull request #17 from xenolf/errorhandling
...
Replaced fatal with print; return errors from NewClient
2015-10-28 16:26:07 +01:00
Matthew Holt
56d50cebd8
Replaced fatal with print; return errors from NewClient
2015-10-27 17:00:42 -06:00
xenolf
94aeac7b5f
Add the OCSP status code to GetOCSPForCert
2015-10-27 23:55:50 +01:00
xenolf
65b62b5670
Make ocsp validate the signature of a response.
...
OCSP signatures should get validated if no issuer certificate is returned from
the OCSP responder.
2015-10-27 22:31:56 +01:00
xenolf
f2f5117496
Fix client_test
2015-10-26 02:29:02 +01:00
xenolf
8b16d59831
Remove devMode from library and cli.
2015-10-26 00:47:37 +01:00
xenolf
8d31bb0123
Remove challenge pre-checks.
...
We won't ever be able to do this properly for all possible scenarios.
2015-10-26 00:40:11 +01:00
xenolf
537a0b74fd
Update client.go
2015-10-25 23:37:26 +01:00
xenolf
2afea79309
Fix cert bundle order
2015-10-24 04:31:12 +02:00
xenolf
51a95ee548
Add initial support for certificate bundling
2015-10-24 03:55:18 +02:00
xenolf
d6f4e42b13
Add support for getting OCSP responses for OCSPStapling
2015-10-24 03:46:00 +02:00
xenolf
4d99c9e543
Support for RecoveryKey (not enabled). But not supported server side...
2015-10-23 16:24:02 +02:00
xenolf
3ddf33c8c3
Change name of AgreeToTos to AgreeToTOS.
...
According to https://github.com/golang/go/wiki/CodeReviewComments#initialisms
2015-10-23 10:17:51 +02:00
Matthew Holt
5efb56a1d4
Fix file descriptor leaks
2015-10-21 22:16:36 -06:00
xenolf
e74d5d4586
Make cert revocation on renewal optional. Also change signature of renew.
2015-10-19 03:20:41 +02:00
xenolf
0cd31861d3
Implement renewal. Fixes #7
2015-10-19 00:42:04 +02:00
xenolf
29a27ba807
Make CertResources json savable. Fix cli_handlers to use it.
2015-10-19 00:40:59 +02:00
xenolf
dc4125d3cf
Change GetCertExpiration to accept PEM encoded certs.
2015-10-19 00:36:25 +02:00
xenolf
10b0192255
Fix goroutine leak.
...
Fixes #10
Tired coding is bad for you, mkay?
2015-10-18 17:27:59 +02:00
Matt Holt
5d31b0a04c
Fix panic
2015-10-17 20:58:14 -06:00
xenolf
7f6f790253
Wrap []byte for DER certificates in its own type.
2015-10-18 03:29:26 +02:00
xenolf
dcdcde03aa
Certificates are PEM encoded by default now
2015-10-18 03:10:46 +02:00
xenolf
caa6e78289
Clean some stuff up and refactor getCerts for some concurrency.
2015-10-18 02:16:15 +02:00
xenolf
62b4ebe72b
Fix client tests
2015-10-18 02:10:17 +02:00
xenolf
12c04828c1
Move the tests to a different port.
2015-10-18 02:09:19 +02:00
xenolf
b49f37d920
Add a dev flag for skipping challenge pre-checks
2015-10-18 01:57:46 +02:00
xenolf
835927f5d5
Clean-up ugly zero time check
2015-10-18 00:25:46 +02:00
xenolf
3ef08f7413
Add a comment to GetCertExpiration
2015-10-17 22:27:04 +02:00
xenolf
34910bd541
Add a function to check cert expiration dates.
2015-10-16 21:05:16 +02:00
xenolf
b3035b16b5
Support for cert revocation
2015-09-27 14:51:44 +02:00
xenolf
e5f6f4c4a3
Changed the client to pull the urls down from the directory on the CA server.
...
CA Url now needs to point to the root of the CA
2015-09-26 22:59:16 +02:00
xenolf
37b20117bf
Update everything to work with the latest boulder updates.
2015-09-26 19:45:52 +02:00
xenolf
98e23bab07
Make solvers private + remove random from crypto tests
2015-06-14 02:33:21 +02:00
xenolf
076173ef11
Merge pull request #4 from mholt/patch-1
...
Basic tests for crypto wrapper functions
2015-06-13 21:18:33 +02:00
xenolf
e6aaf7e2dd
Program should not exit on bind error, but return the error to get handled
2015-06-13 21:15:34 +02:00
xenolf
2231118fdf
Add SimpleHTTP tests
2015-06-13 21:06:47 +02:00
xenolf
53d7b59d36
Initial SimpleHTTP test
2015-06-13 19:13:04 +02:00
xenolf
fcd0fba9c7
Add a basic execution check to SimpleHTTP
2015-06-13 18:37:30 +02:00
Matt Holt
6b6876d15a
Basic tests for crypto wrapper functions
...
Even though the std lib does the heavy lifting, this should verify (somewhat) that the helper functions are working.
Better tests would involve replacing crypto/rand.Reader with a non-random Reader then comparing the contents to make sure the proper std lib crypto functions were called and their values returned.
2015-06-13 09:53:17 -06:00
Matt Holt
7e12bcd800
Test NewClient
...
Just a simple test to make sure a Client gets set up properly
2015-06-13 09:00:18 -06:00
xenolf
6ca96fc99d
More comments
2015-06-13 04:50:36 +02:00
xenolf
aa818d0515
Some more comments
2015-06-13 04:26:33 +02:00
xenolf
1ceebb72a2
Add Authorizations to CSR request message
2015-06-13 04:10:32 +02:00
xenolf
b04e5a4aac
add crypto.go
2015-06-13 03:57:05 +02:00
xenolf
728646c70e
Implement new interface with DVSNI
2015-06-13 03:56:52 +02:00
xenolf
612033a83a
Flesh out run cli_handler for error handling and saving certificates
2015-06-13 03:56:34 +02:00
xenolf
a2d9bf4cc3
Initial version of the SimpleHTTPS challenge
2015-06-13 03:55:53 +02:00
xenolf
8f992218b9
Allow the user to override the challenge port. Enables running as non-root.
2015-06-13 00:16:49 +02:00
xenolf
84c2bceade
Add initial implementation for challenge choosing
2015-06-12 00:15:13 +02:00
xenolf
2b99a75aff
Change solver interface definition
2015-06-12 00:14:33 +02:00
xenolf
e600438aeb
Extract JWS to its own struct
2015-06-12 00:13:43 +02:00
xenolf
bcdc00add6
change solver.solve definition
2015-06-11 16:09:53 +02:00
xenolf
7f7e96097b
Rename challengeHandler to solver
2015-06-11 15:31:09 +02:00