- 26 Sep, 2018 2 commits
-
-
Vincent Pelletier authored
This is a step in the direction of being browser-friendly: if caucased https certificate is issued by CAS CA, then for a browser to trust that certificate it would have to trust all certificates emitted by CAS CA certificate. This would be very dangerous, as CAS CA does not constrain the certificates it may sign, so it exposes users of that caucased to rogue certificates. Alone, this step is insufficient, as the new internal "http_cas" does not constrain certificates yet. This will happen in a separate commit, to ease review and regression testing. As a consequence of this step, by default client will not check server certificate in https. This is consistent with how trust is bootstrapped with plain http: maybe client is accessing an unexpected/malicious caucased, but in such case issued certificates will be worthless to a party which could access the correct caucased. Also, the client certificate presented to caucased does not allow that caucased to fake being that user, so there is no privilege escalation possible for server.
-
Vincent Pelletier authored
-
- 21 Sep, 2018 10 commits
-
-
Łukasz Nowak authored
/reviewed-on !3
-
Łukasz Nowak authored
-
Łukasz Nowak authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Maybe name resolution is flapping, or server is unreachable or misbehaving... This must not cause caucase-update to exit.
-
Vincent Pelletier authored
So they can be customised in subclasses.
-
Vincent Pelletier authored
So that they do not hardcode the class to instanciate. This prepares further class tweaking. Also, update users.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 20 Sep, 2018 5 commits
-
-
Vincent Pelletier authored
Work around a python bug (both present in 2.7.15 and 3.6.6) which prevents changing the ssl context on a listening socket. Reported: https://bugs.python.org/issue34747
-
Vincent Pelletier authored
The code could actually not loop. Still check that deadline is not reached when entering, as code often uses "now" as initial deadline. Also, clarify dosctring.
-
Vincent Pelletier authored
Do not wait forever so test does not block. Always clear event after it occurred. Also, ensure itsUntilEvent behaviour is to raise so server actually stops in _stopServer.
-
Vincent Pelletier authored
So the instance is readily reusable and less likely to be misused.
-
Vincent Pelletier authored
Spawned thread is not returned.
-
- 12 Sep, 2018 1 commit
-
-
Vincent Pelletier authored
Except it is not present on caucase root object. This reverts commit b26eeb38.
-
- 22 Jul, 2018 6 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
It is not in python3.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
To ease debugging.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
The intent was getting a nice error message if file was not readable, but it causes a resource warning in python3 (file object being garbage- collected while open - wasn't that the beauty of automatic garbage collection to begin with ? It makes sense for writeable files as not closing may cause race conditions, but for read-only it's just annoying).
-
- 21 Jul, 2018 1 commit
-
-
Vincent Pelletier authored
-
- 20 Jul, 2018 3 commits
-
-
Vincent Pelletier authored
Concatenate potential homonymous headers following specification.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 15 Jul, 2018 4 commits
-
-
Vincent Pelletier authored
Escape all quoted strings. Add referrer. Add user-agent.
-
Vincent Pelletier authored
Include both caucase name and its current version number. Add versioneer for version number introspection, producing egg version and caucase.__version__.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 14 Jul, 2018 8 commits
-
-
Vincent Pelletier authored
More realistic than checking server certificate.
-
Vincent Pelletier authored
Reference value is pre-timeshift, so it will immediately differ but for the wrong reason.
-
Vincent Pelletier authored
sqlite does not allow controlling creation mode, so create the file ourselves so it gets created when missing.
-
Vincent Pelletier authored
Rather than starting to listen on http before https. This makes tests more reliable, as they will no actually wait for caucased to be fully ready, in turn making shutdown more reliable.
-
Vincent Pelletier authored
It is not expiration which is disabled, but pruning from database.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
For consistency with other places in caucase.
-
Vincent Pelletier authored
-