1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-22 08:15:18 +00:00
Commit Graph

131 Commits

Author SHA1 Message Date
b4d006227a Refactor codebase
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine cerdentials
2016-09-18 00:00:14 +03:00
15858083b3 Use UTC for log entries 2016-04-05 15:30:50 +03:00
c33da46f19 Push server fixes 2016-04-05 15:02:05 +03:00
7012f5b365 Make user certificate enrollment configurable 2016-04-01 01:55:51 +03:00
fa27253b50 Add 'certidude users' command for listing user accounts 2016-04-01 00:01:58 +03:00
816cf32353 Include robots.txt in MANIFEST.in 2016-04-01 00:00:24 +03:00
ff2e983711 ui: Update CRL fetching command example 2016-03-30 22:06:15 +03:00
ec2dea7a13 cli: Authority setup script fixes 2016-03-30 22:05:32 +03:00
456fe586c3 Add revocation list JSON serialization 2016-03-30 22:00:18 +03:00
5bdf986b47 cli: Send Accept: application/x-pem-file while downloading CRL 2016-03-29 23:39:19 +03:00
833fb82354 Upload 0.1.21 to PyPI 2016-03-29 22:19:55 +03:00
d2a259b887 Merge authority setup and production setup 2016-03-29 22:03:27 +03:00
a094db794b cli: Fix extended key usage flags for authority setup script 2016-03-29 19:43:50 +03:00
c644b065ef Migrate authority setup from PyOpenSSL to cryptography.io 2016-03-29 19:29:06 +03:00
af60fd8047 cli: Fix authority setup script 2016-03-29 18:37:28 +03:00
476a312b4e ui: Fix autosign subnets listing 2016-03-29 15:47:00 +03:00
09a67718ab Expose certificate and CRL lifetime via session API call 2016-03-29 15:43:34 +03:00
d8f1e36ecf Reduce default CRL lifetime to 20min 2016-03-29 15:17:44 +03:00
6de010a411 Make /api/revoked conform to RFC5280 2016-03-29 13:28:58 +03:00
1475828899 Fix CRL distriution points and add authority information access extensions 2016-03-29 12:29:15 +03:00
e721648328 Use common name instead of IP address as listening address for IPSec gateway 2016-03-29 12:28:10 +03:00
799b9e19c8 Use unicode literals for logging 2016-03-29 08:54:55 +03:00
acc0e29109 Add AKID and SKID 2016-03-29 08:47:43 +03:00
ff71ca42d7 Move GSSAPI credcache from authorization config section to accounts 2016-03-29 08:45:17 +03:00
22846327a0 Fix is_admin of PosixUserManager 2016-03-29 08:44:07 +03:00
de42d97b59 Add $ssl_client_s_dn_cn for nginx config template 2016-03-29 08:28:48 +03:00
f88a970e2a Attempt to fix CA test 2016-03-28 00:18:41 +03:00
8ca809b546 Remove dependency on particular version of configparser 2016-03-28 00:07:39 +03:00
9afafea833 Add sudo for Travis' apt-get 2016-03-28 00:04:03 +03:00
3d32de8cad Documentation fixes and attempt to fix Travis 2016-03-28 00:00:41 +03:00
925bc0ef9a Refactor users, add OpenVPN and mailing support
* Add abstraction for user objects
* Mail authority admins about pending, revoked and signed certificates
* Add NetworkManager's OpenVPN plugin support
* Improve CRL support
* Refactor CSRF protection
* Update documentation
2016-03-27 23:38:14 +03:00
811e6dbb08 Complete overhaul
* Switch to Python 2.x due to lack of decent LDAP support in Python 3.x
* Add LDAP backend for authentication/authorization
* Add PAM backend for authentication
* Add getent backend for authorization
* Add preliminary CSRF protection
* Update icons
* Update push server documentation, use nchan from now on
* Add P12 bundle generation
* Add thin wrapper around Python's SQL connectors
* Enable mailing subsystem
* Add Kerberos TGT renewal cronjob
* Add HTTPS server setup commands for nginx
2016-03-21 23:42:39 +02:00
ffdab4d36d Update strongSwan leftupdown script 2016-03-01 13:52:10 +02:00
d38a9a8103 Add preliminary PKCS#12 bundle generation 2016-03-01 11:01:53 +02:00
449dcea821 Add preliminary PAM authentication backend 2016-02-29 23:06:42 +02:00
4240d55fe4 Add preliminary Python 2.x support 2016-02-28 22:37:56 +02:00
5eed7cb6d9 ui: Add blue color for recently seen clients 2016-02-17 21:44:33 +02:00
489de4ec79 ui: Bundle template JavaScript 2016-02-17 16:16:00 +02:00
114e67ed6a api: Use nchan headers for pushing events 2016-02-17 16:15:06 +02:00
b830ce7671 api: Fix exception includes 2016-01-25 11:19:08 +02:00
661e7608ef ui: Precompile nunjucks templates 2016-01-25 11:18:19 +02:00
7cb9f04972 Add routes for NetworkManager only if they have been specified 2016-01-15 18:09:03 +02:00
6bfa1ccf9c cli: Fix typo 2016-01-15 13:50:45 +02:00
589a31eb3d Sanitize configuration file section names 2016-01-15 13:48:24 +02:00
704523626b Rename spawn commands 2016-01-15 11:18:27 +02:00
f2df17bb88 Refactor signature request submission
Certidude client now reads configuration from
/etc/certidude/client.conf, submits CSR-s and
once signed configures services based on
/etc/certidude/services.conf
2016-01-15 00:47:30 +02:00
d8abde3d53 Refactor request submission
API now properly distinguishes duplicate request from other requests with same common name.
2016-01-14 11:02:57 +02:00
aacf94bb28 Fix encoding error in duplicate request check 2016-01-14 10:44:26 +02:00
21c436ec88 Merge branch 'master' of https://github.com/laurivosandi/certidude
Conflicts:
	certidude/cli.py
2016-01-10 19:53:02 +02:00
de08ba759d Release version 0.1.20 2016-01-10 19:51:54 +02:00