Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,032 Commits 4 Branches 45 Tags
Commit Graph

1912 Commits

Author SHA1 Message Date
Hossein Shafagh
3c1d6998fb
Merge branch 'master' into pinning-to-cross-signed-LE-ICA 2020-07-24 10:25:11 -07:00
Raul Benencia
0fd83d13ae Fix intermediate CA creation on cryptography plugin 2020-07-23 13:58:32 -07:00
Hossein Shafagh
2317967802 lack of an empty config file was resulting into this error 
```
Traceback (most recent call last):
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate
    self.acme.request_certificate(mock_acme, [], mock_order)
  File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate
    current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
TypeError: strptime() argument 1 must be str, not MagicMock
```
 2020-07-15 17:04:49 -07:00
Hossein Shafagh
d5ae45a0d0 Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore. 
https://letsencrypt.org/certificates/

Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA.
https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html

This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems.
 2020-07-14 17:35:13 -07:00
Hossein Shafagh
e0c2f4274e
Merge branch 'master' into patch-1 2020-07-02 10:16:02 -07:00
Javier Ramos
aa11088944
Remove f from non-f string 2020-07-02 16:48:41 +02:00
Javier Ramos
1f598e3752
Fix unmatched field in Authorization 
The field in the formatted string was not matching the args
 2020-07-02 16:41:19 +02:00
Javier Ramos
7a5a5531cc
Raise ValidationError if CSR contains invalid CN 
If we supply a CSR that contains an empty field in the Subject, Lemur will crash with an error 500 as the ValueError exception is not captured. This change captures the exception and raises a ValidationError which in this case is a 400 sent back to client. Example to reproduce:

    Subject: C=ZZ, ST=Something, L=, O=My_Org, OU=My_Dept, CN=www.booking.com

The empty L= causes a ValueError which needs to be captured.
 2020-07-01 15:44:06 +02:00
Hossein Shafagh
4985744bd8 fixing UnboundLocalError bug 2020-06-11 16:47:37 -07:00
csine-nflx
a7a309136f fixing whitespace and imports 2020-06-11 14:15:40 -07:00
csine-nflx
f834d10f9a moving ultradns tests to separate file 2020-06-11 14:04:17 -07:00
Hossein Shafagh
c40d297735
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-06-09 14:20:31 -07:00
Hossein Shafagh
fd3ea2cf46
Merge branch 'master' into json-logging-rotate 2020-06-09 10:58:53 -07:00
Hossein Shafagh
099ebee409
Merge branch 'master' into check-revoke-revised 2020-06-09 10:47:24 -07:00
Hossein Shafagh
62469e518f
Merge branch 'master' into json-logging-rotate 2020-06-09 10:45:57 -07:00
Hossein Shafagh
c3b36d697f clarification 2020-06-08 15:17:45 -07:00
Hossein Shafagh
5215a71a6d
Merge branch 'master' into check-revoke-revised 2020-06-04 15:51:48 -07:00
Hossein Shafagh
704e61dd53
Merge branch 'master' into json-logging-rotate 2020-06-04 15:51:24 -07:00
Hossein Shafagh
e06c3ea192
Merge branch 'master' into improve-expiry-email 2020-06-04 15:51:17 -07:00
alwaysjolley
1bcc9d5d0d allowing for _ in domains 2020-06-03 13:20:23 -04:00
alwaysjolley
1b8507636b fixing quotes, no escape characters in tests, fixed anchors 2020-06-03 12:49:55 -04:00
alwaysjolley
3ce7cd6c50 fixing escaped string on domain test 2020-06-03 11:34:14 -04:00
alwaysjolley
8658ac531e fixing unittests and allowing for single character domains 2020-06-03 08:08:49 -04:00
alwaysjolley
2a1751ec30 fixing domain validation to account for 2-63 character length and correct character set 2020-06-03 04:56:38 -04:00
Hossein Shafagh
50091cca1d
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-05-27 15:29:47 -07:00
Hossein Shafagh
d8948a12d3
Merge branch 'master' into check-revoke-revised 2020-05-27 15:29:19 -07:00
Hossein Shafagh
86c3771044
Merge branch 'master' into json-logging-rotate 2020-05-27 15:28:48 -07:00
Hossein Shafagh
904bc9d8b6
Merge branch 'master' into improve-expiry-email 2020-05-27 15:28:41 -07:00
Hossein Shafagh
d95f02d234
Merge branch 'master' into master 2020-05-27 14:25:07 -07:00
Hossein Shafagh
8861cc70cb rewordin 2020-05-26 17:12:47 -07:00
Hossein Shafagh
34e3f7c049 improved messaging 2020-05-26 16:38:12 -07:00
Hossein Shafagh
4eeab91d73 making lint happy 2020-05-22 18:36:39 -07:00
Hossein Shafagh
10dfedee36 making lint happy 2020-05-22 18:33:43 -07:00
Hossein Shafagh
86310ff02d
Merge branch 'master' into check-revoke-revised 2020-05-22 18:25:00 -07:00
Hossein Shafagh
87a53557cd
Merge branch 'master' into json-logging-rotate 2020-05-22 18:24:53 -07:00
Hossein Shafagh
8f16688b0a
Merge branch 'master' into check-revoke-revised 2020-05-22 17:45:50 -07:00
Hossein Shafagh
49a8b80df2 better exception handling when OCSP or CRL or not implemented 2020-05-22 17:36:34 -07:00
Hossein Shafagh
c9767b3172 adding logging for revoked certs 2020-05-22 17:32:44 -07:00
Hossein Shafagh
49c4a9c3b2 making the revocation to be scoped based on the authority plugin name 2020-05-22 17:29:30 -07:00
Hossein Shafagh
4923bbf8a7 adding json formatted logging 2020-05-22 16:22:12 -07:00
Hossein Shafagh
09016fd2ee cleaning up the code after more local testing 2020-05-22 16:04:39 -07:00
e11it
f83e3f764e
always assign csr_sans to name 2020-05-22 21:52:43 +03:00
Hossein Shafagh
97145b6dee
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-05-22 10:29:28 -07:00
Hossein Shafagh
cc4fc66c93
Merge branch 'master' into master 2020-05-22 09:57:46 -07:00
Hossein Shafagh
748268ecd5
Merge branch 'master' into cert-rotation-region-by-region 2020-05-22 09:57:06 -07:00
Hossein Shafagh
2582086d39
Merge branch 'master' into ilabun/optimize-certificates-sql 2020-05-21 15:39:58 -07:00
Hossein Shafagh
fd444403bb improved logging. 
- adding destination name, fixing broken metric.
 2020-05-21 15:32:38 -07:00
Hossein Shafagh
70985f4ff5 revised system arch 2020-05-14 22:37:30 -07:00
Hossein Shafagh
cdd9137f4e
Merge branch 'master' into cert-rotation-region-by-region 2020-05-08 15:32:49 -07:00
Hossein Shafagh
529ee04ae7 removing duplicate line 2020-05-08 09:16:46 -07:00