- 26 Apr, 2023 2 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 07 Nov, 2022 3 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Otherwise, this causes an IOError to be raised in _getPEMTypeDict. So move file existence check inside the loop. Also rely on isdir returning False on non-existent inputs. This may for example happen if openssl-rehash is used on these directories: caucase-updater may delete an expired CA, breaking its symlink, triggering this bug and crashing caucase-updater.
-
- 26 Oct, 2022 1 commit
-
-
Vincent Pelletier authored
Issue certificates and revocation lists a few seconds in the past of the true issuance time, to allow the client to be a bit in the past compared to the server. Otherwise, the client would receive a "not valid yet" certificate or CRL, which could crash it (es: caucase-update). Which normally is intended (so time attacks are noticed), but in this case is counter-productive.
-
- 22 Jul, 2022 1 commit
-
-
Vincent Pelletier authored
-
- 07 Jul, 2022 11 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Silence the warning about "local" not being POSIX, as many shells implement it. Resolve the other watnings, related to now-useless "x" prefixes in [ arguments.
-
Vincent Pelletier authored
This whole business of parsing openssl command output is so brittle...
-
Vincent Pelletier authored
Work around what should be a test-only issue, where versioneer produces a unicode object for the module's version (by decoding a json object, whose strings become unicode objects). Python 2.7's BaseHttpServer does not encode the response in such case, causing a test failure when writing to wfile, set to be a BytesIO object. I guess some magic encoding happens on a real socket, likely to ascii.
-
Vincent Pelletier authored
Silences pylint warnings.
-
Vincent Pelletier authored
Silences a pylint warning.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
This was indirectly satisfied by cryptography depending on ipaddress, so no functional change is expected. This is just to be pedantic.
-
- 22 Dec, 2021 4 commits
-
-
Vincent Pelletier authored
Traversal to the root makes is unreasonable. Rely on "shell" directory being a sibling of test.py's container.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Break requested sleep period into smaller chunks, to try to compensate for extended suspension periods. The chosen values seem to be a reasonable trade-off between accuracy and number of wake-ups.
-
Vincent Pelletier authored
Positional arguments are comparatively a lot harder to understand.
-
- 15 Dec, 2021 1 commit
-
-
Vincent Pelletier authored
caucase.test: Increase the caucased start timeout for test_databaseUpgradeFrom_0_9_8_{with,no}_revoked This step needs to generate certificates, so it may reach the shorter, default timeout.
-
- 09 Nov, 2021 9 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
If environment points us at a specific python interpreter, use it to run caucased, even if caucased is present reachable from PATH.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
As seen at least on cryptography 35.0.0 . Ideally this should be on a 63 or 64bits cutoff, but somehow the breakage is a lot lower. Bug reported upstream: https://github.com/pyca/cryptography/issues/6573
-
Vincent Pelletier authored
Because: - Non-blocking lock acquisition does not work with a context manager. - subprocess is not a context manager in python 2.7 .
-
Boxiang Sun authored
-
Boxiang Sun authored
-
Vincent Pelletier authored
The test should not need to sanitise the environment of this test in particular (if we do not trust the environment then there would be a lot more to sanitise for the python part of the test as well), and the intent was just to add the CAUCASE_PYTHON variable so caucase.sh runs the expected python executable and not one possibly picked from PATH. So copy environment, edit the copy and pass this to the caucase.sh subprocess.
-
- 08 Nov, 2021 2 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
This codebase must remain py2 compatible for some more, so do not complain about backward-compatible code.
-
- 20 Oct, 2021 3 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Fixes cli.updater crashing when one of the locally-stored CA is expired. Also, explicitly raise when there are CAs in the local trust store but all fail loading.
-
Vincent Pelletier authored
If an unverifiable CRL is present (ex: its CA expired), then it can be ignored in the computation of the next wake-up time. Also, factorise with similar code in client.CaucaseClient.updateCRLFile .
-
- 07 Oct, 2021 3 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Preserve py2.7 compatibility. Also, make pylint happier with the result.
-
Vincent Pelletier authored
-