1. 07 Nov, 2022 1 commit
    • Vincent Pelletier's avatar
      caucase.utils: Tolerate broken symlinks · a5306278
      Vincent Pelletier authored
      Otherwise, this causes an IOError to be raised in _getPEMTypeDict.
      So move file existence check inside the loop. Also rely on isdir returning
      False on non-existent inputs.
      This may for example happen if openssl-rehash is used on these directories:
      caucase-updater may delete an expired CA, breaking its symlink, triggering
      this bug and crashing caucase-updater.
      a5306278
  2. 26 Oct, 2022 1 commit
    • Vincent Pelletier's avatar
      ca: Add clock desynchronisation tolerance. · ba693499
      Vincent Pelletier authored
      Issue certificates and revocation lists a few seconds in the past of the
      true issuance time, to allow the client to be a bit in the past compared
      to the server. Otherwise, the client would receive a "not valid yet"
      certificate or CRL, which could crash it (es: caucase-update). Which
      normally is intended (so time attacks are noticed), but in this case is
      counter-productive.
      ba693499
  3. 22 Jul, 2022 1 commit
  4. 07 Jul, 2022 11 commits
  5. 22 Dec, 2021 4 commits
  6. 15 Dec, 2021 1 commit
  7. 09 Nov, 2021 9 commits
  8. 08 Nov, 2021 2 commits
  9. 20 Oct, 2021 3 commits
  10. 07 Oct, 2021 4 commits
  11. 07 Apr, 2021 3 commits