Commit Graph

15 Commits

Author SHA1 Message Date
Lauri Võsandi c6d117b9cf mailer: Better utf-8 handling 2018-05-16 14:39:51 +00:00
Lauri Võsandi ce93fbb58b Several updates #4
* Improved offline install docs
* Migrated token mechanism backend to SQL
* Preliminary token mechanism frontend integration
* Add clock skew tolerance for OCSP
* Add 'ldap computer filter' support for Kerberized machine enroll
* Include OCSP and CRL URLs in certificates, controlled by profile.conf
* Better certificate extension handling
* Place DH parameters file in /etc/ssl/dhparam.pem
* Always talk to CA over port 8443 for 'certidude enroll'
* Hardened frontend nginx config
* Separate log files for frontend nginx
* Better provisioning heuristics
* Add sample site.sh config for LEDE image builder
* Add more device profiles for LEDE image builder
* Various bugfixes and improvements
2018-05-15 07:45:29 +00:00
Lauri Võsandi 4e4b551cc2 Several updates #2
* Reverse RDN components for all certs
* Less side effects in unittests
* Split help dialog shell snippets into separate files
* Restore 'admin subnets' config option
* Embedded subnets, IKE and ESP proposals now configurable in builder.conf
* Use expr instead of bc for math operations in shell
* Better frontend support for Let's Encrypt certificates
2018-05-02 08:11:01 +00:00
Lauri Võsandi d911e5da33 config: Add 'mail suffix' for POSIX accounts to derive e-mail 2018-04-10 09:28:47 +00:00
Lauri Võsandi 577962e09b Several improvements
* Add EC support
* Make token form toggleable
* Make client certificates compatible with iOS native IKEv2
* Fix OU for self-enroll
* Improved sample scripts in web UI
2018-04-09 16:25:03 +03:00
Lauri Võsandi 59bedc1f16 Major refactor
* Migrate to Python 3
* Update token generator mechanism
* Switch to Bootstrap 4
* Switch from Iconmonstr to Font Awesome icons
* Rename default CA common name to "Certidude at ca.example.lan"
* Add self-enroll for the TLS server certificates
* TLS client auth for lease updating
* Compile assets from npm packages to /var/lib/certidude/ca.example.lan/assets
2017-12-30 14:00:19 +00:00
Lauri Võsandi 545febf3d0 tests: Cover LDAP auth and more 2017-05-07 22:14:58 +00:00
Lauri Võsandi 15ae064f55 Preliminary tests for auth 2017-04-25 21:47:41 +03:00
Lauri Võsandi 721cce05ac Don't enforce dependency on ldap module 2017-04-13 21:03:26 +00:00
Lauri Võsandi 06010ceaf3 Refactor
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
2017-03-13 11:42:58 +00:00
Lauri Võsandi cca9d2ab2d Refactor LDAP authentication
* ldap uri can be specified in /etc/certidude/server.conf now
* /etc/ldap/ldap.conf is ignored
2017-01-25 09:43:19 +00:00
Lauri Võsandi 1b04a848e3 Improve Unicode handling in bundle generation 2016-09-18 14:32:14 +03:00
Lauri Võsandi b4d006227a Refactor codebase
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine credentials
2016-09-18 00:00:14 +03:00
Lauri Võsandi 22846327a0 Fix is_admin of PosixUserManager 2016-03-29 08:44:07 +03:00
Lauri Võsandi 925bc0ef9a Refactor users, add OpenVPN and mailing support
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
2016-03-27 23:38:14 +03:00