lauri
/
certidude
mirror of https://github.com/laurivosandi/certidude
1
0
Fork 0
Code Issues Activity
229 Commits 2 Branches 0 Tags 18 MiB
Commit Graph

171 Commits

Author SHA1 Message Date
Lauri Võsandi b57fbfa696 Fix typo 2017-04-14 11:08:26 +00:00
Lauri Võsandi b9ac55fe26 Configuration generation fixes for nchan 2017-04-14 11:06:09 +00:00
Lauri Võsandi d6265c10d6 Fix font family name for headings 2017-04-14 10:14:14 +00:00
Lauri Võsandi 91f8f09854 StrongSwan client setup fixes 2017-04-14 02:49:11 +03:00
Lauri Võsandi 8bf9ebfebb Merge branch 'master' of github.com:laurivosandi/certidude 2017-04-14 01:50:33 +03:00
Lauri Võsandi a3adba02a5 Fix CRL path for configuration generators 2017-04-14 01:50:04 +03:00
Lauri Võsandi 216af460cf Better system keytab checking for client 2017-04-14 01:49:32 +03:00
Lauri Võsandi bc43fdc402 Lazier evaluation for dependencies 2017-04-13 22:37:31 +00:00
Lauri Võsandi 1c5913ee3b Add dynamic package installation via decorators 2017-04-13 22:30:20 +00:00
Lauri Võsandi 6264846284 Add OpenSSL as dependency for P12 generation 2017-04-13 21:20:02 +00:00
Lauri Võsandi 721cce05ac Don't enforce dependency on ldap module 2017-04-13 21:03:26 +00:00
Lauri Võsandi 02b2f041cc Clean up dependencies and Travis 2017-04-13 20:52:09 +00:00
Lauri Võsandi 52d35012a4 Various fixes 2017-04-13 20:30:56 +00:00
Lauri Võsandi d91e12942d Tagging fixes 2017-04-13 15:42:38 +00:00
Lauri Võsandi 7a7f22c1a1 Add clock sync tolerance of 5min for signed certs 2017-04-13 15:35:08 +00:00
Lauri Võsandi 4a9abab362 Fix nginx configuration generation 2017-04-13 15:19:26 +00:00
Lauri Võsandi d7a2c7c193 Fix OpenVPN client configuration generation 2017-04-13 18:17:05 +03:00
Lauri Võsandi a22e1eb557 Fix server certificate extensions for StrongSwan 2017-04-13 15:12:56 +00:00
Lauri Võsandi 02482e8d79 Migrate to python-gssapi 2017-04-13 14:33:40 +00:00
Lauri Võsandi 51d7dffa9b Bugfixes 2017-04-12 13:56:29 +00:00
Lauri Võsandi 0201a84a64 Merge branch 'master' of github.com:laurivosandi/certidude 2017-04-12 13:22:21 +00:00
Lauri Võsandi 09724e04dc Add preliminary bootstrap API call 2017-04-12 13:21:49 +00:00
Lauri Võsandi e68829732d Merge branch 'master' of github.com:laurivosandi/certidude 2017-04-07 10:57:38 +03:00
Lauri Võsandi f477fb9ad8 cli: Add Yubikey enrollment command 2017-04-07 10:57:25 +03:00
Lauri Võsandi 848763160b Merge github.com:laurivosandi/certidude 2017-04-04 05:03:33 +00:00
Lauri Võsandi 90b663ce26 Add file based rotating log handler 2017-04-04 05:02:08 +00:00
Lauri Võsandi 5c6097cc40 Fix CSR listing command 2017-03-28 12:24:51 +03:00
Lauri Võsandi d5dcadc346 Remove dependency on pycountries 2017-03-26 20:47:45 +00:00
Lauri Võsandi 44b6f13669 Use random serial for CA certificate 2017-03-26 20:44:47 +00:00
Lauri Võsandi a663efd39e Create directories and set selinux context for `certidude request` 2017-03-26 17:40:39 +00:00
Lauri Võsandi 77db728294 Fix attribute API call whitelist handling 2017-03-26 16:58:29 +00:00
Lauri Võsandi 32356013fd Correct configuration file tagging section name 2017-03-26 10:12:08 +00:00
Lauri Võsandi f806545bee Use filesystem extended attribute user.xdg.tags for tags, move leases to user.lease namespace 2017-03-26 10:09:18 +00:00
Lauri Võsandi 1813056fc7 Move leases and tagging backend to filesystem extended attributes 2017-03-26 00:10:09 +00:00
Lauri Võsandi 79aa1e18c0 Add explicit renewal flag for `certiude request` 2017-03-13 19:47:58 +02:00
Lauri Võsandi 7b1dae0901 Renew certificate only when 25% of certificate lifetime remains 2017-03-13 19:42:21 +02:00
Lauri Võsandi 7eb8378562 Attempt to fix tests 2017-03-13 17:20:41 +02:00
Lauri Võsandi 06010ceaf3 Refactor 
* Remove PyOpenSSL based wrapper classes
* Remove unused API calls
* Add certificate renewal via X-Renewal-Signature header
* Remove (extended) key usage handling
* Clean up OpenVPN and nginx server setup code
* Use UDP port 51900 for OpenVPN by default
* Add basic auth fallback for iOS in addition to Android
* Reduce complexity
 2017-03-13 11:42:58 +00:00
Lauri Võsandi 4eed940a66 Clean up PKCS#12 generation 2017-02-09 17:02:33 +00:00
Lauri Võsandi dae282973e Passphraseless PKCS#12 doesn't play well with Firefox 2017-02-09 16:59:01 +00:00
Lauri Võsandi 94757cf25c Conform to RFC 5280, remove unused variable and a comment 2017-02-09 14:16:01 +00:00
Lauri Võsandi b0e7ad9540 Fix mailbox configuration in the web interface 2017-02-08 20:22:26 +00:00
Lauri Võsandi 2a8109704a Refactor 
* Remove given name and surname attributes because of issues with OpenVPN Connect
* Remove e-mail attribute because of no reliable method of deriving usable address
* Remove organizational unit attribute
* Don't overwrite Kerberos cronjob during certidude setup authority
* Enforce path_length=0 for disabling intermediate CA-s
* Remove SAN attributes
* Add configuration options for outbox sender name and address
* Use common name attribute to derive signature flags
* Use distinct pub/sub URL-s for long poll and event source
 2017-02-07 22:07:21 +00:00
Lauri Võsandi 703970c1d3 Add Mac device identifier string for bundles 2017-02-02 09:44:58 +00:00
Lauri Võsandi 9d29ff74be Add timeago plugin for fuzzy timestamps 2017-01-30 22:59:43 +00:00
Lauri Võsandi 6c1d0bfae9 More fixes to make client work on Mac OS X 2017-01-30 18:12:27 +00:00
Lauri Võsandi 34e8fb9c8c Make Kerberos keytab handling more universal 2017-01-30 17:48:30 +00:00
Lauri Võsandi 0bca61e61f Add preliminary LDAP fallback support for Kerberos protected API calls 2017-01-30 07:04:05 +00:00
Lauri Võsandi 4ae40c5d45 Add long poll support for CRL API call 2017-01-30 06:29:01 +00:00
Lauri Võsandi c979d73bec Fix typos for local time conversion 2017-01-30 06:27:12 +00:00