Commit graph

224 commits

Author SHA1 Message Date
Den Quixote
0e53e51ba5 dns_challenge preCheckDNS: let system resolver decide IPv4 ./. IPv6.
We can ask the OS resolver for the IP of Google's public anycast DNS.
No need to "bootstrap" with literal IP address. The OS resolver knows
best about IPv4 ./. IPv6.

Mostly fixes #88.
2016-01-30 19:39:10 +01:00
Simone Carletti
753f9ca798 DNSimpleProvider: Fix bug with subdomains
When requesting a certificate for a subdomain, the DNS record was
attached to the domain instead.

E.g.

Requested:

    ww1.example.com

Created:

   _acme-challenge.example.com

instead of

    _acme-challenge.ww1.example.com
2016-01-30 00:03:50 +01:00
Simone Carletti
adc8afbb89 Update the path to the go lib 2016-01-29 23:47:56 +01:00
xenolf
815d8bba0c Merge pull request #84 from weppos/dnsimple
Add DNSimple DNS support
2016-01-29 23:06:42 +01:00
xenolf
54e272aaa3 Fix regression in Renew with SAN.
re-apply 5930ea52f0
Fixes #87
2016-01-29 14:10:57 +01:00
Matthew Holt
cf4ca2a89d Use http.DefaultClient
The Go docs recommend this.
2016-01-27 20:43:51 -07:00
Matthew Holt
b42b256d5c Add DigitalOcean DNS provider
Also a few vet/lint fixes and improved some error messages
2016-01-26 17:57:55 -07:00
Simone Carletti
d70e2869d2 Move toFqdn and unFqdn into a shared place (see GH-84) 2016-01-26 16:37:50 +01:00
Simone Carletti
08516614dd DNSimpleProvider: implement Present/CleanUp 2016-01-26 15:09:33 +01:00
Simone Carletti
6a3297e36f DNSimpleProvider: fetch credentials from env
I also had to rename the `envAuth()` in the Cloudflare implementation
to avoid the "redeclared" error

    acme/dns_challenge_dnsimple.go:41: envAuth redeclared in this block
        previous declaration at acme/dns_challenge_cloudflare.go:154
2016-01-26 13:13:40 +01:00
Simone Carletti
bcfce0809a DNSimpleProvider: Check valid credentials 2016-01-26 12:25:51 +01:00
Simone Carletti
3f4b078329 Basic DNSimple implementation for DNSProvider 2016-01-26 12:14:10 +01:00
xenolf
50031525c9 Fix DNS-01 challenge resource property 2016-01-25 00:32:47 +01:00
xenolf
08cd016ed3 Switch DNS-01 challenge over to central validation function 2016-01-25 00:23:21 +01:00
Jehiah Czebotar
617dd4d37c Refactor challenge providers to new ChallengeProvider interface
* new ChallengeProvider with Present and CleanUp methods
* new Challenge type describing `http-01`, `tls-sni-01`, `dns-01`
* new client.SetChallengeProvider to support custom implementations
2016-01-24 16:10:50 -05:00
Matthew Holt
1ceed018fd Tweak comment 2016-01-22 13:39:32 -07:00
Jan Broer
323bb88640 Fetch remaining zones when response is truncated.
Route53 API won’t return more than 100 zones per request.
2016-01-22 18:50:18 +01:00
xenolf
50be32a69e Change maximum zone number requested from Route53 to Math.MaxInt32 from MaxInt64.
Fixes #79.
2016-01-22 18:18:53 +01:00
xenolf
5992793edd Refactor DNS precheck 2016-01-22 02:25:27 +01:00
xenolf
602aeba6c1 Merge branch 'add-dns-challenge' 2016-01-22 01:51:10 +01:00
xenolf
a3f134e3fb Check DNS entry for validity before hitting boulder 2016-01-22 01:38:15 +01:00
Matthew Holt
db3a956d52 Couple more tests to ensure right method is being used 2016-01-13 18:49:25 -07:00
Ernesto Alejo
873ed4771d Fix fallthrough in the response status codes 2016-01-14 00:32:45 +01:00
xenolf
beac6273f6 Merge pull request #71 from xenolf/pem-decode-fix
Fix PEM decoding if file ends with multiple newlines
2016-01-12 18:16:52 +01:00
xenolf
33216d7563 Fix a race for socket in HTTP-01 2016-01-11 22:04:04 +01:00
Matthew Holt
19ea2cbf75 Fix PEM decoding if file ends with multiple newlines
This method more closely reflects how crypto/tls does it here: https://golang.org/src/crypto/tls/tls.go?s=5139:5210#L174
2016-01-11 10:02:28 -07:00
xenolf
db1a519684 Add the ability to reuse a private key 2016-01-08 10:14:41 +01:00
xenolf
6e33cd1b84 Move JSON http wrappers to http.go file 2016-01-08 10:04:57 +01:00
xenolf
0c10083ef0 Update tests 2016-01-08 08:04:50 +01:00
xenolf
de29381f7a Add interface:port override to HTTP-01 and TLS-01 instead of only port 2016-01-08 08:04:38 +01:00
xenolf
1193ae895a Merge pull request #66 from xenolf/user-agent-string
Implement custom User-Agent string
2016-01-07 04:51:31 +01:00
Jan Broer
04e4239653 Base64 encode dns-01 record 2016-01-05 00:40:05 +01:00
Matthew Holt
0786c993c9 Return full, parsed ocsp response instead of just the status 2015-12-31 16:07:18 -07:00
Matthew Holt
bfc24007db Oops 2015-12-31 15:04:58 -07:00
Matthew Holt
89908f39e9 Implement custom User-Agent string
Also a couple miscellaneous vet fixes
2015-12-30 15:01:21 -07:00
xenolf
fce9468e1e Update client docs 2015-12-27 20:56:02 +01:00
xenolf
8362f35823 Remove unreachable code 2015-12-27 20:55:44 +01:00
xenolf
3a3baf1597 Fix validateFunc tests 2015-12-27 19:26:47 +01:00
xenolf
09ff568758 Adjust logging output for http-01 2015-12-27 19:18:38 +01:00
xenolf
466af28672 Extract validateFunc from httpChallenge and tlsSNIChallenge 2015-12-27 19:08:17 +01:00
xenolf
6b750198f2 Fix tests 2015-12-27 18:56:44 +01:00
xenolf
523f3eb250 Change SetHTTPSPort to SetTLSPort 2015-12-27 18:56:36 +01:00
xenolf
0e857b2fef Adapt CLI to changes in lib
- Change explicit include of challenges to explicit exclude
- Add CLI switches for HTTP and TLS ports
2015-12-27 18:35:19 +01:00
xenolf
053dc4cfb1 Extract mutation of client into functions 2015-12-27 18:28:54 +01:00
xenolf
595f684e27 Merge branch 'master' of https://github.com/tommie/lego into refactor-client
# Conflicts:
#	acme/client.go
#	acme/http_challenge.go
#	acme/http_challenge_test.go
#	acme/tls_sni_challenge.go
#	cli.go
#	cli_handlers.go
2015-12-27 17:38:49 +01:00
Mustafa Altun
f3df6b81b2 Fix gofmt errors 2015-12-24 10:57:09 +02:00
xenolf
c2630f8eb7 Limit ioutil.ReadAll calls in client as well 2015-12-21 02:44:25 +01:00
xenolf
00af84d91b Close response body in getIssuerCertificate 2015-12-21 02:44:25 +01:00
xenolf
7789bd2ffc Limit OCSP answers to 1MB.
fixes #56
2015-12-18 22:33:30 +01:00
xenolf
136cc73ff8 Move call to ObtainSANCertificate 2015-12-18 17:55:43 +01:00
xenolf
5930ea52f0 lib: make renew aware of SAN 2015-12-18 17:55:43 +01:00
xenolf
c13968859a tweak log messages a bit 2015-12-15 21:21:12 +01:00
xenolf
c2467d031f Fix tests with new error 2015-12-11 17:16:24 +01:00
xenolf
f08c15df80 Use boulder error messages. 2015-12-11 17:16:24 +01:00
Jan Broer
666698cea3 Modular DNS challenge
- Manual provider
- Dynamic DNS Update provider (RFC2136)
- Route53 provider
- CloudFlare provider
2015-12-10 18:35:35 +01:00
xenolf
a23289899c Fix typo 2015-12-07 16:58:01 +01:00
xenolf
54e96f6fc5 Document that ObtainSANCertificate will never return a partial certificate on error. 2015-12-07 16:51:28 +01:00
Tommie Gannert
e32b9abfb2 Remove ObtainCertificates and rename ObtainSANCertificate to ObtainCertificate.
Also removes revokation abilities from RenewCertificate.

Makes the API more orthogonal. These things are not provided by the
ACME protocol, but were convenience helpers.
2015-12-05 22:07:12 +00:00
Tommie Gannert
71624f607a Replace exponential back-off in validate with Retry-After header.
Last paragraph of ACME spec, section 6.5:

  To check on the status of an authorization, the client sends a GET
  request to the authorization URI, and the server responds with the
  current authorization object.  In responding to poll requests while
  the validation is still in progress, the server MUST return a 202
  (Accepted) response with a Retry-After header field.
2015-12-05 21:32:53 +00:00
Tommie Gannert
b2c88d7a5d Make solvers configurable.
Allows selecting which solvers are available, and specifying options for them.
2015-12-05 21:01:08 +00:00
Tommie Gannert
039b7c50dc Use postJSON and getJSON wherever possible.
Encapsulates JSON marshalling.
2015-12-05 15:59:15 +00:00
Tommie Gannert
2dc2fdd1af Split off tests for validate, simplifying HTTP-01 and TLS-SNI-01 tests. 2015-12-05 15:09:29 +00:00
Tommie Gannert
bee1326835 Use a local ServeMux in httpChallenge.Solve.
Avoids modifying global state.
2015-12-05 12:25:01 +00:00
Tommie Gannert
38cb60624f Simplify tlsSNIChallenge code.
Solve is blocking, so no need to run initialization code in a separate
goroutine. Removes the need for s.start.

Once the listener is closed, all I/O resources have been returned. No
need to wait for http.Serve to return. Removes the need for s.end.
2015-12-05 12:24:49 +00:00
Tommie Gannert
5dc33c8c08 Simplify httpChallenge code.
Solve is blocking, so no need to run initialization code in a separate
goroutine. Removes the need for s.start.

Once the listener is closed, all I/O resources have been returned. No
need to wait for http.Serve to return. Removes the need for s.end.
2015-12-05 12:00:00 +00:00
Tommie Gannert
58a2fd2267 Split off validation function.
This is a loop that interacts with the ACME server, not the individual challenges.

Also switch to exponential back-off polling for good measure.
2015-12-05 11:52:24 +00:00
Tommie Gannert
237689b0cf Run gofmt on acme/tls_sni_challenge. 2015-12-05 11:50:57 +00:00
Matthew Holt
d9e2e2a873 Cleaned up a couple log lines 2015-12-02 12:33:37 -07:00
xenolf
32a29fd5ad We have two solvers now 2015-11-22 19:33:26 +01:00
xenolf
775545e2bb Add tests to TLS-SNI-01 2015-11-22 19:31:16 +01:00
xenolf
22622438fd Implement TLS-SNI-01 to match Boulder. Not spec conform. 2015-11-22 19:31:16 +01:00
xenolf
e8d64bb50b WIP TLS-SNI-01
[ci skip]
2015-11-22 19:31:16 +01:00
Matthew Holt
974f2fa929 Don't try appending /directory to caURL (spec doesn't require it)
Also improved some comments/docs and fixed a test
2015-11-20 12:01:06 -07:00
xenolf
f2389fda58 Remove simpleHTTP - Update README 2015-11-18 22:17:02 +01:00
xenolf
08680d8fcf Properly name challenge types for http-01 tests 2015-11-18 22:11:47 +01:00
xenolf
7662cbcec5 Merge pull request #30 from xenolf/add-san-cert
Add SAN certificates - fix #20
2015-11-18 22:07:54 +01:00
xenolf
f41ed4f9de Remove unneeded function 2015-11-18 21:41:27 +01:00
xenolf
a8c2a12871 Move back to square/go-jose (reverted from commit cae6d59e19) 2015-11-18 21:15:49 +01:00
xenolf
cae6d59e19 Move back to square/go-jose 2015-11-18 21:06:45 +01:00
xenolf
caba7ddee7 Add comment to ObtainSANCertificate 2015-11-18 19:53:42 +01:00
xenolf
3be490f6cb Change how challenge order is preserved as suggested by @zakjan 2015-11-18 19:44:47 +01:00
xenolf
b9ba9e58b3 Return the right error 2015-11-17 23:07:13 +01:00
xenolf
487c8763d5 Revert adding locks to jws - not in scope of this branch 2015-11-17 22:36:25 +01:00
xenolf
6671fd137c Make sure the challenges do not get re-ordered for SAN certs 2015-11-17 22:22:25 +01:00
xenolf
c849ca1b90 If any challenge fails - return an error 2015-11-17 19:45:15 +01:00
xenolf
cce3d79fc9 Add DNS-01 2015-11-17 00:05:01 +01:00
xenolf
dd3d2d5668 Demote challenge lookup failures to infos 2015-11-17 00:05:01 +01:00
xenolf
17576f0626 Update README & Extract KeyAuthorizations from HTTP-01 2015-11-16 23:57:04 +01:00
Jan Zak
5f566d2e0c Add JSON tags to RegistrationResource as used in official client 2015-11-13 20:20:15 +01:00
xenolf
9ee93e8428 Add tests for http-01 2015-11-12 23:51:07 +01:00
xenolf
f29debf702 Adjust client tests to new solver count 2015-11-12 22:51:12 +01:00
xenolf
94caca08d8 correctly fix go1.5 dependency 2015-11-12 22:49:02 +01:00
xenolf
87e9f08cfa Replace code which needs go1.5 2015-11-12 22:33:00 +01:00
xenolf
83dc16fa5e Add the http-01 challenge to the list of solvers 2015-11-12 22:32:27 +01:00
xenolf
ba66756d4e Initial work on HTTP-01 2015-11-12 21:42:57 +01:00
xenolf
3409740d33 Fix nonce starvation bug in SimpleHTTP - fix tests 2015-11-12 02:55:28 +01:00
xenolf
998a8325aa Move back to square/go-jose 2015-11-12 02:06:22 +01:00
xenolf
b958bd2da4 Make the CA URL accept /directory. #23 2015-11-11 13:51:03 +01:00
xenolf
27a8cff3c6 Initial support for SAN certificates 2015-11-11 01:01:15 +01:00
xenolf
f6576e8815 Add locking to JWS nonce store. 2015-11-11 01:00:20 +01:00