- 11 Jan, 2016 2 commits
Patrick J Cherry authored
I'm not sure the trap needs to be there at all really..
-
Patrick J Cherry authored
Fixes: undefined method `gid' for #<Symbiosis::SSL::SelfSigned:0x00000001ea9088>
-
- 09 Jan, 2016 1 commit
Patrick J Cherry authored
Pared down the exceptions caught to EEXIST and ENOTDIR when retrying a write. I think erring on the conservative side here (rather than catching StandardError) is best. Also there's no infinite retry loop now.
-
- 08 Jan, 2016 4 commits
Patrick J Cherry authored
* Refactored symbiosis-ssl code into the library
* Added tests to test this new code.
* symbiosis-ssl tries to regain privs after creating the certs if it thinks it has them.
* Changed what gets logged when a bit. Stuff in the SSL validation checks is now only shown if $DEBUG is set.
* The cache of available SSL sets is always emptied before rollover starts.
* The way available sets are sorted has changed to be done by expiry.
* The symlink to current now uses the full path.
* SSL sets are now kept in config/ssl/sets for neatness/namespace goodness.
* CertificateSet#write drops privs if possible when creating a new set.
-
Patrick J Cherry authored
-
Patrick J Cherry authored
-
Patrick J Cherry authored
Otherwise we get authorization errors
-
- 07 Jan, 2016 9 commits
Patrick J Cherry authored
-
Patrick J Cherry authored
-
Patrick J Cherry authored
-
Patrick J Cherry authored
-
Patrick J Cherry authored
This is part of the Letsencrypt roll-over process.
-
Patrick J Cherry authored
-
Patrick J Cherry authored
This now means that the generic self-signed cert that most people end up with for SMTP etc will be signed by Letsencrypt.
-
Patrick J Cherry authored
-
Patrick J Cherry authored
There is no way to determine if a key is already registered with the server. Previously we just registered and caught any errors, but it turns out that the Acme servers always return "Malformed" if there is any problem with the request at all (e.g. bad email address, key previously registered). This means we can return a sane error to the user if the request fails, without parsing the error text. However, if a key is not registered, the server will return Unauthorized when requesting a new challenge via new-authz, so we can use that to see if a key is valid or not.
-
- 06 Jan, 2016 4 commits
Patrick J Cherry authored
This allows self-signed certificates to be valid.
-
Patrick J Cherry authored
-
Patrick J Cherry authored
-
Patrick J Cherry authored
-
- 05 Jan, 2016 1 commit
Patrick J Cherry authored
-
- 04 Jan, 2016 3 commits
Patrick J Cherry authored
-
Patrick J Cherry authored
-
Patrick J Cherry authored
It is more logical that the set itself knows how to be written. Simplifies testing a little bit. The domain knows what the next SSL set should be called, so that needs to be done before the set is written.
-
- 17 Dec, 2015 2 commits
Patrick J Cherry authored
-
Patrick J Cherry authored
This is required for the vhost module to work when the IP is being shared with other name-based virtual hosts. Hopefully closes #12423
-
- 15 Dec, 2015 6 commits
Patrick J Cherry authored
Error: test_register(SSLLetsEncryptTest)
NoMethodError: undefined method `[]' for nil:NilClass
/etc/symbiosis/test.d/tc_ssl_letsencrypt.rb:85:in `do_post_new_reg'
/etc/symbiosis/test.d/tc_ssl_letsencrypt.rb:41:in `block in setup'
-
Patrick J Cherry authored
-
Patrick J Cherry authored
Set#verify now returns the Store error number instead of just "true" when doing the verification.
-
Patrick J Cherry authored
-
Patrick J Cherry authored
-
Patrick J Cherry authored
-
- 14 Dec, 2015 8 commits
Patrick J Cherry authored
-
Patrick J Cherry authored
-
Patrick J Cherry authored
-
Patrick J Cherry authored
-
Patrick J Cherry authored
This makes verbose logging neater. Also various fixups around for the binary
-
Patrick J Cherry authored
We now deal in "Sets" of SSL certificates. A valid set is a directory with a working certificate, key, and possibly a bundle. This has moved a lot of the SSL code from Symbiosis::Domain into Symbiosis::SSL::Set.
-
Patrick J Cherry authored
-
Patrick J Cherry authored
Also added more logging
-