- 04 Nov, 2017 2 commits
-
-
Vincent Pelletier authored
CRL object comparison does not check the list of revoked certificates. Instead, compare signatures as they are supposed to be all-inclusive.
-
Vincent Pelletier authored
-
- 03 Nov, 2017 12 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Thanks, pylint.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Too many issues with processes not willing to shutdown. Instead, spawn threads, use an event to stop caucased while sleeping, and make it stop its http[s] servers more gracefully. Increases realiability of tests, especially when checking coverage.
-
Vincent Pelletier authored
For offline database administration: restoring backups, importing and exporting CA key pairs.
-
Vincent Pelletier authored
For easier use when renewing a single certificate after restoring backups, for example.
-
Vincent Pelletier authored
Also, makes them not count against the maximum number of auto-emitted certificates.
-
Vincent Pelletier authored
Also, inline createCAKeyPair method in its only caller. This was not intended to be part of the API. Prepares support for externally-provided CA certificates.
-
Vincent Pelletier authored
This is called from many places which make sense to call independently and should not conflict. So protect against parallel CA renewal. Result code will never block: a single thread will process renewal, concurrent threads will just use the still-valid latest CA.
-
Vincent Pelletier authored
This is fixed in latest cryptography module. Forgotten when cryptography minimal version was bumped to 2.1.1 .
-
- 31 Oct, 2017 5 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
For python-hostile and python-deprived audiences.
-
Vincent Pelletier authored
While identifiers are integers, they could just as well be treated as opaque identifiers by external applications.
-
Vincent Pelletier authored
Instead, use a thread-safe way. Current code using it is not threaded, but future code will be.
-
Vincent Pelletier authored
-
- 30 Oct, 2017 1 commit
-
-
Vincent Pelletier authored
-
- 27 Oct, 2017 6 commits
-
-
Vincent Pelletier authored
Current tests have no extra dependencies. This takes some time before running caucase tests, especially on slower machines.
-
Vincent Pelletier authored
To accommodate with slower machines, which are a reasonable target for caucase. Caucase tests do not timeout anymore on a Raspberry Pi B+.
-
Vincent Pelletier authored
Allows running tests without setup.py around.
-
Romain Courteaud authored
Remove special handling of first folder level. Generalise CAU/CAS context decision. Split functionalities further, making each method shorter. Factorise subpath checks. Factorise response generation when producing a body. The resulting data structure, if more verbose than the original one, is not harder to traverse and more extensible.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 25 Oct, 2017 12 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Chunk size is not bounded. So instead of remembering chunk tail, remember how much there is to read in current chunk.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
As per WSGI specs, transfer encoding (and other hop-by-hop headers) must not be processed by WSGI applications.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 24 Oct, 2017 2 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Allows introducing more reasons to reject authentication, with different WWW-Authenticate values.
-