Merge remote-tracking branch 'upstream/master'

2020-03-11 00:29:07 +03:00 · 2020-03-11 00:29:07 +03:00 · ad86cf1fd9
parent 790367ea5a cd7adacca3
commit ad86cf1fd9
3 changed files with 23 additions and 3 deletions
--- a/docs/administration.rst
+++ b/docs/administration.rst
@ -735,6 +735,12 @@ The following configuration properties are required to use the Digicert issuer p
            This is the default validity (in years), if no end date is specified. (Default: 1)


+.. data:: DIGICERT_MAX_VALIDITY
+    :noindex:
+
+            This is the maximum validity (in years). (Default: value of DIGICERT_DEFAULT_VALIDITY)
+
+
 .. data:: DIGICERT_PRIVATE
    :noindex:

@ -1008,6 +1014,18 @@ The following configuration properties are required to use the PowerDNS ACME Plu

            This is the number of times DNS Verification should be attempted (i.e. 20)

+
+.. data:: ACME_POWERDNS_VERIFY
+    :noindex:
+
+            This configures how TLS certificates on the PowerDNS API target are validated.  The PowerDNS Plugin depends on the PyPi requests library, which supports the following options for the verify parameter:
+
+            True: Verifies the TLS certificate was issued by a known publicly-trusted CA. (Default)
+
+            False: Disables certificate validation (Not Recommended)
+
+            File/Dir path to CA Bundle: Verifies the TLS certificate was issued by a Certificate Authority in the provided CA bundle.
+
 .. _CommandLineInterface:

 Command Line Interface
--- a/lemur/plugins/lemur_acme/powerdns.py
+++ b/lemur/plugins/lemur_acme/powerdns.py
@ -246,11 +246,12 @@ def _get_zone_name(domain, account_number):
 def _get(path, params=None):
    """ Execute a GET request on the given URL (base_uri + path) and return response as JSON object """
    base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN")
+    verify_value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
    resp = requests.get(
        f"{base_uri}{path}",
        headers=_generate_header(),
        params=params,
-        verify=True,
+        verify=verify_value
    )
    resp.raise_for_status()
    return resp.json()
@ -259,9 +260,11 @@ def _get(path, params=None):
 def _patch(path, payload):
    """ Execute a Patch request on the given URL (base_uri + path) with given payload """
    base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN")
+    verify_value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
    resp = requests.patch(
        f"{base_uri}{path}",
        data=json.dumps(payload),
-        headers=_generate_header()
+        headers=_generate_header(),
+        verify=verify_value
    )
    resp.raise_for_status()
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@ -140,7 +140,6 @@
        <select ng-model="certificate.validityYears" class="form-control">
          <option value="">-</option>
          <option value="1">1 year</option>
-          <option value="2">2 years</option>
        </select>
      </div>
      <span style="padding-top: 15px" class="text-center col-sm-1">