- 12 Jul, 2018 4 commits
-
-
Vincent Pelletier authored
pyca/cryptography 21st release is out and caucase already requires is_signature_valid. Also, literal IPv6 CRL distribution points do not fail anymore - add test. No more known 1.0 blockers ! Weee !
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Also, remove irrelevant key usage extension, as during certificate renewal the extensions of the existing certificate are used, not the ones of the certificate signing request.
-
Vincent Pelletier authored
Found by shellcheck.
-
- 08 Jul, 2018 1 commit
-
-
Vincent Pelletier authored
Do not rely on test's -a & -o. Escape backslashes which are intended as literals. Avoid one useless "cat". Avoid testing $?. Simplify "is integer ?" test. Quote a few variable expansions. Arithmetic expression does not need explicit expansion. Split declaration and assignment to unmask status. Disable shellcheck warning about "local" being undefined in POSIX.
-
- 04 Nov, 2017 9 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Also, drop redundant HTTP version fallback: this is already handled in BaseHTTPRequestHandler.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Export is already provided by the regular protocol.
-
Vincent Pelletier authored
CRL object comparison does not check the list of revoked certificates. Instead, compare signatures as they are supposed to be all-inclusive.
-
Vincent Pelletier authored
-
- 03 Nov, 2017 12 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Thanks, pylint.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Too many issues with processes not willing to shutdown. Instead, spawn threads, use an event to stop caucased while sleeping, and make it stop its http[s] servers more gracefully. Increases realiability of tests, especially when checking coverage.
-
Vincent Pelletier authored
For offline database administration: restoring backups, importing and exporting CA key pairs.
-
Vincent Pelletier authored
For easier use when renewing a single certificate after restoring backups, for example.
-
Vincent Pelletier authored
Also, makes them not count against the maximum number of auto-emitted certificates.
-
Vincent Pelletier authored
Also, inline createCAKeyPair method in its only caller. This was not intended to be part of the API. Prepares support for externally-provided CA certificates.
-
Vincent Pelletier authored
This is called from many places which make sense to call independently and should not conflict. So protect against parallel CA renewal. Result code will never block: a single thread will process renewal, concurrent threads will just use the still-valid latest CA.
-
Vincent Pelletier authored
This is fixed in latest cryptography module. Forgotten when cryptography minimal version was bumped to 2.1.1 .
-
- 31 Oct, 2017 5 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
For python-hostile and python-deprived audiences.
-
Vincent Pelletier authored
While identifiers are integers, they could just as well be treated as opaque identifiers by external applications.
-
Vincent Pelletier authored
Instead, use a thread-safe way. Current code using it is not threaded, but future code will be.
-
Vincent Pelletier authored
-
- 30 Oct, 2017 1 commit
-
-
Vincent Pelletier authored
-
- 27 Oct, 2017 6 commits
-
-
Vincent Pelletier authored
Current tests have no extra dependencies. This takes some time before running caucase tests, especially on slower machines.
-
Vincent Pelletier authored
To accommodate with slower machines, which are a reasonable target for caucase. Caucase tests do not timeout anymore on a Raspberry Pi B+.
-
Vincent Pelletier authored
Allows running tests without setup.py around.
-
Romain Courteaud authored
Remove special handling of first folder level. Generalise CAU/CAS context decision. Split functionalities further, making each method shorter. Factorise subpath checks. Factorise response generation when producing a body. The resulting data structure, if more verbose than the original one, is not harder to traverse and more extensible.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 25 Oct, 2017 2 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Chunk size is not bounded. So instead of remembering chunk tail, remember how much there is to read in current chunk.
-