Commit graph

115 commits

Author SHA1 Message Date
Tommie Gannert
e32b9abfb2 Remove ObtainCertificates and rename ObtainSANCertificate to ObtainCertificate.
Also removes revokation abilities from RenewCertificate.

Makes the API more orthogonal. These things are not provided by the
ACME protocol, but were convenience helpers.
2015-12-05 22:07:12 +00:00
Tommie Gannert
71624f607a Replace exponential back-off in validate with Retry-After header.
Last paragraph of ACME spec, section 6.5:

  To check on the status of an authorization, the client sends a GET
  request to the authorization URI, and the server responds with the
  current authorization object.  In responding to poll requests while
  the validation is still in progress, the server MUST return a 202
  (Accepted) response with a Retry-After header field.
2015-12-05 21:32:53 +00:00
Tommie Gannert
b2c88d7a5d Make solvers configurable.
Allows selecting which solvers are available, and specifying options for them.
2015-12-05 21:01:08 +00:00
Tommie Gannert
039b7c50dc Use postJSON and getJSON wherever possible.
Encapsulates JSON marshalling.
2015-12-05 15:59:15 +00:00
Tommie Gannert
2dc2fdd1af Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 15:09:29 +00:00
Tommie Gannert
bee1326835 Use a local ServeMux in httpChallenge.Solve.
Avoids modifying global state.
2015-12-05 12:25:01 +00:00
Tommie Gannert
38cb60624f Simplify tlsSNIChallenge code.
Solve is blocking, so no need to run initialization code in a separate
goroutine. Removes the need for s.start.

Once the listener is closed, all I/O resources have been returned. No
need to wait for http.Serve to return. Removes the need for s.end.
2015-12-05 12:24:49 +00:00
Tommie Gannert
5dc33c8c08 Simplify httpChallenge code.
Solve is blocking, so no need to run initialization code in a separate
goroutine. Removes the need for s.start.

Once the listener is closed, all I/O resources have been returned. No
need to wait for http.Serve to return. Removes the need for s.end.
2015-12-05 12:00:00 +00:00
Tommie Gannert
58a2fd2267 Split off validation function.
This is a loop that interacts with the ACME server, not the individual challenges.

Also switch to exponential back-off polling for good measure.
2015-12-05 11:52:24 +00:00
Tommie Gannert
237689b0cf Run gofmt on acme/tls_sni_challenge. 2015-12-05 11:50:57 +00:00
Matthew Holt
d9e2e2a873 Cleaned up a couple log lines 2015-12-02 12:33:37 -07:00
xenolf
32a29fd5ad We have two solvers now 2015-11-22 19:33:26 +01:00
xenolf
775545e2bb Add tests to TLS-SNI-01 2015-11-22 19:31:16 +01:00
xenolf
22622438fd Implement TLS-SNI-01 to match Boulder. Not spec conform. 2015-11-22 19:31:16 +01:00
xenolf
e8d64bb50b WIP TLS-SNI-01
[ci skip]
2015-11-22 19:31:16 +01:00
Matthew Holt
974f2fa929 Don't try appending /directory to caURL (spec doesn't require it)
Also improved some comments/docs and fixed a test
2015-11-20 12:01:06 -07:00
xenolf
f2389fda58 Remove simpleHTTP - Update README 2015-11-18 22:17:02 +01:00
xenolf
08680d8fcf Properly name challenge types for http-01 tests 2015-11-18 22:11:47 +01:00
xenolf
7662cbcec5 Merge pull request #30 from xenolf/add-san-cert
Add SAN certificates - fix #20
2015-11-18 22:07:54 +01:00
xenolf
f41ed4f9de Remove unneeded function 2015-11-18 21:41:27 +01:00
xenolf
a8c2a12871 Move back to square/go-jose (reverted from commit cae6d59e19) 2015-11-18 21:15:49 +01:00
xenolf
cae6d59e19 Move back to square/go-jose 2015-11-18 21:06:45 +01:00
xenolf
caba7ddee7 Add comment to ObtainSANCertificate 2015-11-18 19:53:42 +01:00
xenolf
3be490f6cb Change how challenge order is preserved as suggested by @zakjan 2015-11-18 19:44:47 +01:00
xenolf
b9ba9e58b3 Return the right error 2015-11-17 23:07:13 +01:00
xenolf
487c8763d5 Revert adding locks to jws - not in scope of this branch 2015-11-17 22:36:25 +01:00
xenolf
6671fd137c Make sure the challenges do not get re-ordered for SAN certs 2015-11-17 22:22:25 +01:00
xenolf
c849ca1b90 If any challenge fails - return an error 2015-11-17 19:45:15 +01:00
xenolf
17576f0626 Update README & Extract KeyAuthorizations from HTTP-01 2015-11-16 23:57:04 +01:00
Jan Zak
5f566d2e0c Add JSON tags to RegistrationResource as used in official client 2015-11-13 20:20:15 +01:00
xenolf
9ee93e8428 Add tests for http-01 2015-11-12 23:51:07 +01:00
xenolf
f29debf702 Adjust client tests to new solver count 2015-11-12 22:51:12 +01:00
xenolf
94caca08d8 correctly fix go1.5 dependency 2015-11-12 22:49:02 +01:00
xenolf
87e9f08cfa Replace code which needs go1.5 2015-11-12 22:33:00 +01:00
xenolf
83dc16fa5e Add the http-01 challenge to the list of solvers 2015-11-12 22:32:27 +01:00
xenolf
ba66756d4e Initial work on HTTP-01 2015-11-12 21:42:57 +01:00
xenolf
3409740d33 Fix nonce starvation bug in SimpleHTTP - fix tests 2015-11-12 02:55:28 +01:00
xenolf
998a8325aa Move back to square/go-jose 2015-11-12 02:06:22 +01:00
xenolf
b958bd2da4 Make the CA URL accept /directory. #23 2015-11-11 13:51:03 +01:00
xenolf
27a8cff3c6 Initial support for SAN certificates 2015-11-11 01:01:15 +01:00
xenolf
f6576e8815 Add locking to JWS nonce store. 2015-11-11 01:00:20 +01:00
xenolf
7717294d9e Add fallback to SimpleHTTP bind in case domain:port is not bindable. 2015-11-09 18:41:27 +01:00
Matthew Holt
10f2b59add Removed unused functions, more consistent/readable debugging 2015-11-06 23:22:32 -07:00
Matthew Holt
6f9e487d7d Make acme.Logger optional; otherwise use standard log.Logger
Also fixed lil' vet warning
2015-11-05 23:43:42 -07:00
Matthew Holt
71d0e8db6f Bind to domain:port to solve simple HTTP
This way it doesn't conflict with other processes bound to 0.0.0.0 on the same port. Refactored tests to use 127.0.0.1 instead of a bogus domain, since it must resolve to localhost to pass.
2015-11-03 12:13:20 -07:00
xenolf
3e1a5dc04b Add hooks to SimpleHTTP 2015-11-03 00:02:47 +01:00
xenolf
a2867a0c18 Add TOSError and change ObtainCertificates to return errors by domain. 2015-11-02 01:01:00 +01:00
xenolf
ee2c7f3ad7 Library support for optional email 2015-10-31 00:12:12 +01:00
Matthew Holt
2c24056374 Close leaky file descriptors 2015-10-30 15:38:59 -06:00
xenolf
38e66cf43a Fix test regexp 2015-10-30 13:50:02 +01:00