216af460cf
Better system keytab checking for client
2017-04-14 01:49:32 +03:00
c5a0b34b0a
Update README
2017-04-14 01:47:28 +03:00
d91e12942d
Tagging fixes
2017-04-13 15:42:38 +00:00
7a7f22c1a1
Add clock sync tolerance of 5min for signed certs
2017-04-13 15:35:08 +00:00
4a9abab362
Fix nginx configuration generation
2017-04-13 15:19:26 +00:00
d7a2c7c193
Fix OpenVPN client configuration generation
2017-04-13 18:17:05 +03:00
a22e1eb557
Fix server certificate extensions for StrongSwan
2017-04-13 15:12:56 +00:00
02482e8d79
Migrate to python-gssapi
2017-04-13 14:33:40 +00:00
51d7dffa9b
Bugfixes
2017-04-12 13:56:29 +00:00
0201a84a64
Merge branch 'master' of github.com:laurivosandi/certidude
2017-04-12 13:22:21 +00:00
09724e04dc
Add preliminary bootstrap API call
2017-04-12 13:21:49 +00:00
e68829732d
Merge branch 'master' of github.com:laurivosandi/certidude
2017-04-07 10:57:38 +03:00
f477fb9ad8
cli: Add Yubikey enrollment command
2017-04-07 10:57:25 +03:00
848763160b
Merge github.com:laurivosandi/certidude
2017-04-04 05:03:33 +00:00
90b663ce26
Add file based rotating log handler
2017-04-04 05:02:08 +00:00
5c6097cc40
Fix CSR listing command
2017-03-28 12:24:51 +03:00
e506ea61be
Revert back to trusty for Travis, xattr package broken in xenial
2017-03-26 21:20:03 +00:00
2596543025
More code coverage
2017-03-26 21:16:01 +00:00
db3b89c71f
Switch to Ubuntu 16.04 for Travis
2017-03-26 21:15:48 +00:00
d5dcadc346
Remove dependency on pycountries
2017-03-26 20:47:45 +00:00
e3690bedf2
Another attempt to increase code coverage
2017-03-26 20:45:08 +00:00
44b6f13669
Use random serial for CA certificate
2017-03-26 20:44:47 +00:00
a663efd39e
Create directories and set selinux context for certidude request
2017-03-26 17:40:39 +00:00
77db728294
Fix attribute API call whitelist handling
2017-03-26 16:58:29 +00:00
13db28aaac
Add xattr package dependency for Travis
2017-03-26 10:16:22 +00:00
32356013fd
Correct configuration file tagging section name
2017-03-26 10:12:08 +00:00
f806545bee
Use filesystem extended attribute user.xdg.tags for tags, move leases to user.lease namespace
2017-03-26 10:09:18 +00:00
1813056fc7
Move leases and tagging backend to filesystem extended attributes
2017-03-26 00:10:09 +00:00
79aa1e18c0
Add explicit renewal flag for certiude request
2017-03-13 19:47:58 +02:00
7b1dae0901
Renew certificate only when 25% of certificate lifetime remains
2017-03-13 19:42:21 +02:00
b3185bbbf4
Attempt to increase test code coverage
2017-03-13 17:54:33 +02:00
4fc8fbb287
Run test only once
2017-03-13 17:31:32 +02:00
2f666d5943
Add missing dependency python-dateutil
2017-03-13 17:24:59 +02:00
7eb8378562
Attempt to fix tests
2017-03-13 17:20:41 +02:00
06010ceaf3
Refactor
...
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
2017-03-13 11:42:58 +00:00
d1aa2f2073
Merge branch 'master' of github.com:laurivosandi/certidude
2017-02-09 17:03:18 +00:00
4eed940a66
Clean up PKCS#12 generation
2017-02-09 17:02:33 +00:00
dae282973e
Passphraseless PKCS#12 doesn't play well with Firefox
2017-02-09 16:59:01 +00:00
94757cf25c
Conform to RFC 5280, remove unused variable and a comment
2017-02-09 14:16:01 +00:00
bef97eddab
Update requirements.txt
2017-02-08 23:22:41 +02:00
b0e7ad9540
Fix mailbox configuration in the web interface
2017-02-08 20:22:26 +00:00
2a8109704a
Refactor
...
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
2017-02-07 22:07:21 +00:00
703970c1d3
Add Mac device identifier string for bundles
2017-02-02 09:44:58 +00:00
9d29ff74be
Add timeago plugin for fuzzy timestamps
2017-01-30 22:59:43 +00:00
6c1d0bfae9
More fixes to make client work on Mac OS X
2017-01-30 18:12:27 +00:00
34e8fb9c8c
Make Kerberos keytab handling more universal
2017-01-30 17:48:30 +00:00
9c80c7c2c3
Add OpenVPN client template
2017-01-30 16:36:22 +00:00
0bca61e61f
Add preliminary LDAP fallback support for Kerberos protected API calls
2017-01-30 07:04:05 +00:00
4ae40c5d45
Add long poll support for CRL API call
2017-01-30 06:29:01 +00:00
c979d73bec
Fix typos for local time conversion
2017-01-30 06:27:12 +00:00