- 22 Jul, 2018 1 commit
-
-
Vincent Pelletier authored
The intent was getting a nice error message if file was not readable, but it causes a resource warning in python3 (file object being garbage- collected while open - wasn't that the beauty of automatic garbage collection to begin with ? It makes sense for writeable files as not closing may cause race conditions, but for read-only it's just annoying).
-
- 21 Jul, 2018 1 commit
-
-
Vincent Pelletier authored
-
- 20 Jul, 2018 3 commits
-
-
Vincent Pelletier authored
Concatenate potential homonymous headers following specification.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 15 Jul, 2018 4 commits
-
-
Vincent Pelletier authored
Escape all quoted strings. Add referrer. Add user-agent.
-
Vincent Pelletier authored
Include both caucase name and its current version number. Add versioneer for version number introspection, producing egg version and caucase.__version__.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 14 Jul, 2018 8 commits
-
-
Vincent Pelletier authored
More realistic than checking server certificate.
-
Vincent Pelletier authored
Reference value is pre-timeshift, so it will immediately differ but for the wrong reason.
-
Vincent Pelletier authored
sqlite does not allow controlling creation mode, so create the file ourselves so it gets created when missing.
-
Vincent Pelletier authored
Rather than starting to listen on http before https. This makes tests more reliable, as they will no actually wait for caucased to be fully ready, in turn making shutdown more reliable.
-
Vincent Pelletier authored
It is not expiration which is disabled, but pruning from database.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
For consistency with other places in caucase.
-
Vincent Pelletier authored
-
- 13 Jul, 2018 4 commits
-
-
Vincent Pelletier authored
No certificate is needed to be an anonymous client, only up-to-date CA and CRL are needed to validate service certificate.
-
Vincent Pelletier authored
Also, document why CA certificate expiration is not tracked explicitly.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 12 Jul, 2018 10 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Contains a few handy commands to run before sending patches.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Otherwise, this port will fail https handshake if clients connects too early.
-
Vincent Pelletier authored
netloc is the public access point to a caucase instance. bind is the private access point to a caucase instance, which may be different (ex: NAT). Allow overriding netloc address with --bind. As a consequence, add support for multiple binds: a netloc may resolve to multiple addresses (ex: one IPv4, one global IPv6 and one Unique Local Address). As a further consequence, systematically disable automatic IPv4 binding when binding to an IPv6 address. Also, allow overriding netloc port with --base-port. The same port pair will be used on all bound hosts. Share SSL context between multiple https sockets. To increase binding visibility, print bindings, and print when exiting.
-
Vincent Pelletier authored
pyca/cryptography 21st release is out and caucase already requires is_signature_valid. Also, literal IPv6 CRL distribution points do not fail anymore - add test. No more known 1.0 blockers ! Weee !
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Also, remove irrelevant key usage extension, as during certificate renewal the extensions of the existing certificate are used, not the ones of the certificate signing request.
-
Vincent Pelletier authored
Found by shellcheck.
-
- 08 Jul, 2018 1 commit
-
-
Vincent Pelletier authored
Do not rely on test's -a & -o. Escape backslashes which are intended as literals. Avoid one useless "cat". Avoid testing $?. Simplify "is integer ?" test. Quote a few variable expansions. Arithmetic expression does not need explicit expansion. Split declaration and assignment to unmask status. Disable shellcheck warning about "local" being undefined in POSIX.
-
- 04 Nov, 2017 8 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Also, drop redundant HTTP version fallback: this is already handled in BaseHTTPRequestHandler.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Export is already provided by the regular protocol.
-
Vincent Pelletier authored
CRL object comparison does not check the list of revoked certificates. Instead, compare signatures as they are supposed to be all-inclusive.
-