- 03 Nov, 2017 5 commits
-
-
Vincent Pelletier authored
For easier use when renewing a single certificate after restoring backups, for example.
-
Vincent Pelletier authored
Also, makes them not count against the maximum number of auto-emitted certificates.
-
Vincent Pelletier authored
Also, inline createCAKeyPair method in its only caller. This was not intended to be part of the API. Prepares support for externally-provided CA certificates.
-
Vincent Pelletier authored
This is called from many places which make sense to call independently and should not conflict. So protect against parallel CA renewal. Result code will never block: a single thread will process renewal, concurrent threads will just use the still-valid latest CA.
-
Vincent Pelletier authored
This is fixed in latest cryptography module. Forgotten when cryptography minimal version was bumped to 2.1.1 .
-
- 31 Oct, 2017 5 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
For python-hostile and python-deprived audiences.
-
Vincent Pelletier authored
While identifiers are integers, they could just as well be treated as opaque identifiers by external applications.
-
Vincent Pelletier authored
Instead, use a thread-safe way. Current code using it is not threaded, but future code will be.
-
Vincent Pelletier authored
-
- 30 Oct, 2017 1 commit
-
-
Vincent Pelletier authored
-
- 27 Oct, 2017 6 commits
-
-
Vincent Pelletier authored
Current tests have no extra dependencies. This takes some time before running caucase tests, especially on slower machines.
-
Vincent Pelletier authored
To accommodate with slower machines, which are a reasonable target for caucase. Caucase tests do not timeout anymore on a Raspberry Pi B+.
-
Vincent Pelletier authored
Allows running tests without setup.py around.
-
Romain Courteaud authored
Remove special handling of first folder level. Generalise CAU/CAS context decision. Split functionalities further, making each method shorter. Factorise subpath checks. Factorise response generation when producing a body. The resulting data structure, if more verbose than the original one, is not harder to traverse and more extensible.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 25 Oct, 2017 12 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Chunk size is not bounded. So instead of remembering chunk tail, remember how much there is to read in current chunk.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
As per WSGI specs, transfer encoding (and other hop-by-hop headers) must not be processed by WSGI applications.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 24 Oct, 2017 3 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Allows introducing more reasons to reject authentication, with different WWW-Authenticate values.
-
Romain Courteaud authored
So "wsgi.url_scheme" gets the correct value.
-
- 22 Oct, 2017 1 commit
-
-
Vincent Pelletier authored
-
- 21 Oct, 2017 2 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Needed by curl with --upload-file . Curl also asks us to return "100 Continue" responses, but WSGI (as of python 2.7 reference implementation) does not allow that. Gah.
-
- 20 Oct, 2017 4 commits
-
-
Vincent Pelletier authored
So that wsgi layer can convert it into a 4xx error, and it stops being a 5xx error + traceback. Add a test.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Allows enforcing CRL signature checking.
-
- 19 Oct, 2017 1 commit
-
-
Vincent Pelletier authored
-