lauri
/
certidude
mirror of https://github.com/laurivosandi/certidude
1
0
Fork 0
Code Issues Activity
187 Commits 2 Branches 0 Tags 18 MiB
Commit Graph

14 Commits

Author SHA1 Message Date
Lauri Võsandi 1813056fc7 Move leases and tagging backend to filesystem extended attributes 2017-03-26 00:10:09 +00:00
Lauri Võsandi 06010ceaf3 Refactor 
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
 2017-03-13 11:42:58 +00:00
Lauri Võsandi 2a8109704a Refactor 
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
 2017-02-07 22:07:21 +00:00
Lauri Võsandi fab52dca76 Add request submission from web interface 2016-09-18 16:25:52 +03:00
Lauri Võsandi b4d006227a Refactor codebase 
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine cerdentials
 2016-09-18 00:00:14 +03:00
Lauri Võsandi 799b9e19c8 Use unicode literals for logging 2016-03-29 08:54:55 +03:00
Lauri Võsandi 925bc0ef9a Refactor users, add OpenVPN and mailing support 
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
 2016-03-27 23:38:14 +03:00
Lauri Võsandi 811e6dbb08 Complete overhaul 
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
 2016-03-21 23:42:39 +02:00
Lauri Võsandi 4240d55fe4 Add preliminary Python 2.x support 2016-02-28 22:37:56 +02:00
Lauri Võsandi b830ce7671 api: Fix exception includes 2016-01-25 11:19:08 +02:00
Lauri Võsandi d8abde3d53 Refactor request submission 
API now properly distinguishes duplicate request from other requests with same common name.
 2016-01-14 11:02:57 +02:00
Lauri Võsandi da6600e2e9 api: Added signed certificate tagging mechanism 2015-12-16 17:41:49 +00:00
Lauri Võsandi fbbf7a320d Add preliminary support for logging 
Current logging mechanism makes use of Python's logging module.
MySQL logging handler inserts log entries to MySQL server and
another logging handler is used to stream events to web interface
via nginx streaming push.
 2015-12-13 15:11:22 +00:00
Lauri Võsandi b788d701eb Refactor wrappers 
Completely remove wrapper class for CA,
use certidude.authority module instead.
 2015-12-12 22:39:17 +00:00