1. 22 Dec, 2021 1 commit
  2. 20 Oct, 2021 3 commits
  3. 07 Oct, 2021 1 commit
  4. 07 Apr, 2021 1 commit
  5. 15 Feb, 2021 1 commit
    • Vincent Pelletier's avatar
      caucase: Fix CRL support. · 3aefb18a
      Vincent Pelletier authored
      Emit Certificate Revocation Lists signed by all valid CAs.
      Apparently openssl (or at least how it is used in stunnel4) fails to
      validate a certificate when CRL validation is enabled and the key which
      signed the CRL differs from the key which signed the certificate.
      Also, add Authority Key Identifier CRL extension, required to be standard-
      compliant.
      Also, fix revocation entry expiration: the RFC requires them to be kept
      at least one renewal cycle after the certificate's expiration.
      As a consequence of this whole change:
      - the protocol for retrieving the curren CRL changes to return the
        concatenated list of CRLs, which breaks the CRL distribution (...but
        the distributed CRLs were invalid anyway)
      - stop storing the CRL PEM in caucased's database so that it gets
        re-generated with fresh code. As caucased is not expected to be
        restarted very often, the extra CRL generation on every start should
        not make a difference.
      3aefb18a
  6. 27 Jun, 2020 2 commits
  7. 26 Jun, 2020 1 commit
  8. 23 Jun, 2020 2 commits
    • Vincent Pelletier's avatar
      all: Finalise python3 support. · e9de51f0
      Vincent Pelletier authored
      Basically, wrap stdout and stderr whenever they do not have an encoding
      with an ascii-encoding writer, and write unicode to stdout & stderr.
      wsgi.errors is defined in the reference implementation as being a StringIO,
      so follow that.
      Stop using argparse.FileType to get rid of python3 "file not closed"
      errors.
      Also, fix setup access to CHANGES.txt .
      Also, fix 2to3 involvement.
      Also, replace test.captureStdout with extra tool arguments.
      e9de51f0
    • Vincent Pelletier's avatar
      cli: Fix indentation. · d45a12a2
      Vincent Pelletier authored
      d45a12a2
  9. 06 Jun, 2020 1 commit
  10. 04 Jun, 2020 1 commit
    • Vincent Pelletier's avatar
      cli: Fix CRL renewal. · cfb83640
      Vincent Pelletier authored
      Load CRL expiration date even when it has not just been renewed.
      Also, request a newer CRL before local one expires (7 days by
      default).
      cfb83640
  11. 06 May, 2020 2 commits
    • Kirill Smelkov's avatar
      fixup! all: Update license and copyright. · 3a00d7bf
      Kirill Smelkov authored
      Rerun with updated nxd-relicense. This actually changes license text in
      every file.
      
      Before:
      
      	W: caucase/__init__.py: cannot find license start
      	W: caucase/_version.py: no copyright
      	W: caucase/ca.py: cannot find license start
      	W: caucase/cli.py: cannot find license start
      	W: caucase/client.py: cannot find license start
      	W: caucase/exceptions.py: cannot find license start
      	W: caucase/http.py: cannot find license start
      	W: caucase/http_wsgibase.py: cannot find license start
      	W: caucase/storage.py: cannot find license start
      	W: caucase/test.py: cannot find license start
      	W: caucase/utils.py: cannot find license start
      	W: caucase/version.py: cannot find license start
      	W: caucase/wsgi.py: cannot find license start
      	W: setup.py: cannot find license start
      	W: shell/caucase.sh: cannot find license start
      	W: versioneer.py: no copyright
      
      After:
      
      	W: caucase/_version.py: no copyright
      	W: versioneer.py: no copyright
      3a00d7bf
    • Vincent Pelletier's avatar
      all: Update license and copyright. · fe861043
      Vincent Pelletier authored
      Add FOSS licence exception.
      Fix copyright holder name.
      fe861043
  12. 27 May, 2019 1 commit
  13. 25 Jan, 2019 1 commit
  14. 24 Jan, 2019 1 commit
    • Łukasz Nowak's avatar
      cli: Use utcnow() as everywhere else · cd640230
      Łukasz Nowak authored
      Timedeltas between utcnow() and now() depend on system timezone, so
      they can last many hours when a few seconds is intended.
      
      The now() here was entered by mistake.
      
      /reviewed-on !5
      cd640230
  15. 03 Jan, 2019 1 commit
  16. 18 Dec, 2018 2 commits
  17. 14 Dec, 2018 2 commits
  18. 13 Dec, 2018 2 commits
  19. 05 Nov, 2018 1 commit
    • Vincent Pelletier's avatar
      cli: Fix RetryingCaucaseClient. · 6c612e22
      Vincent Pelletier authored
      Python was unexpectedly binding utils.until to this class, causing "self"
      argument to be automatically generated, which is not expected by this
      function.
      Tests do not exercise this code path because they are overriding this
      property, precisely to check that it gets called...
      Also, add docstring.
      6c612e22
  20. 02 Nov, 2018 2 commits
  21. 26 Sep, 2018 2 commits
  22. 21 Sep, 2018 2 commits
  23. 22 Jul, 2018 1 commit
    • Vincent Pelletier's avatar
      cli: Do not open file to then get its path and open it again. · fd8a152b
      Vincent Pelletier authored
      The intent was getting a nice error message if file was not readable, but
      it causes a resource warning in python3 (file object being garbage-
      collected while open - wasn't that the beauty of automatic garbage
      collection to begin with ? It makes sense for writeable files as not
      closing may cause race conditions, but for read-only it's just annoying).
      fd8a152b
  24. 13 Jul, 2018 2 commits
  25. 12 Jul, 2018 1 commit
  26. 04 Nov, 2017 2 commits
  27. 03 Nov, 2017 1 commit