Marti Raudsepp
542e953919
Check that stored private keys match certificates
...
This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
even when issuer plugins or other code paths have bugs.
2018-12-31 16:28:20 +02:00
sirferl
a50d80992c
updated query to ignore empty parameters
2018-12-12 12:45:48 +01:00
Curtis Castrapel
39b76d18dc
add countdown to async call
2018-11-28 14:41:56 -08:00
Curtis Castrapel
e074a14ee9
unit test
2018-11-28 14:27:03 -08:00
Curtis Castrapel
2381d0a4bb
Add async call to create pending cert when needed
2018-11-28 11:32:52 -08:00
Curtis Castrapel
3ce8abe46e
Left outer join on domains tables to avoid missing results
2018-11-13 14:33:17 -08:00
Curtis
29be647911
Merge branch 'master' into no_csr_reissue
2018-11-12 09:54:47 -08:00
Curtis Castrapel
a7a05e26bc
Do not re-use CSR during certificate reissuance; Update requirement; Add more logging to celery handler
2018-11-12 09:52:11 -08:00
Curtis Castrapel
1643650685
Changing essential part of query
2018-11-07 16:02:04 -08:00
Curtis Castrapel
08a2a2b0e5
Optimize certificate filtering by name
2018-11-07 15:34:25 -08:00
Curtis Castrapel
52e773230d
Add new gin index to optimize ILIKE queries
2018-11-05 10:29:11 -08:00
Curtis Castrapel
50761d9d3b
safer reissue, fix celery sync job
2018-10-29 13:22:50 -07:00
James Chuong
75069cd52a
Add CSR to certificiates
...
Add csr column to certificates field, as pending certificates have
exposed the CSR already. This is required as generating CSR from
existing certificate is will not include SANs due to OpenSSL bug:
https://github.com/openssl/openssl/issues/6481
Change-Id: I9ea86c4f87067ee6d791d77dc1cce8f469cb2a22
2018-10-23 17:46:04 -07:00
Curtis Castrapel
73ed5164cd
deps
2018-10-22 14:51:13 -07:00
Curtis Castrapel
cc18a68c00
Lemur LetsEncrypt Polling Support
2018-10-11 22:01:05 -07:00
Curtis Castrapel
e91d8ec81b
add indexes to domains and certificates tables to optimize load time
2018-10-11 11:36:50 -07:00
Non Sequitur
50919d85a8
Merge remote-tracking branch 'upstream/master' into improved_verify
2018-09-27 11:19:06 -04:00
Mike Culbertson
590fac4aa8
docstring update in verify.py
2018-09-27 10:11:13 -04:00
Mike Culbertson
652d7f65dd
flake8 tweak
2018-09-27 09:28:21 -04:00
Curtis Castrapel
563f0fb9b2
Celery refactoring, celery beat job in configuration
2018-09-17 10:52:12 -07:00
Curtis Castrapel
23382b2777
Celery integration
2018-09-13 10:35:54 -07:00
Curtis Castrapel
7d42e4ce67
Fix certificate import issues
2018-09-10 10:34:47 -07:00
Mike Culbertson
2815ddf6c8
Moved cert object to be passed to both ocsp/crl methods so we can report in better detail on the certs. Ensured proper returns of False (revoked) True (good) None (unknown) throughout the methods.
2018-08-31 13:34:55 -04:00
Mike Culbertson
34c88494b8
More specific exception catch for cert parsing. line shortening.
2018-08-31 12:19:55 -04:00
Mike Culbertson
7dbca821c3
Reducing the stacked exceptions plus a bit of pep8
2018-08-31 12:01:49 -04:00
Curtis Castrapel
1ad61b1550
allow null validity periods
2018-08-17 07:57:55 -07:00
Curtis Castrapel
bb026b8b59
Allow LetsEncrypt renewals and requesting certificates without specifying DNS provider
2018-08-13 14:22:59 -07:00
Marti Raudsepp
82158aece6
Fill in missing cert rotation_policy; don't ignore validation errors when re-issuing certs
...
CertificateInputSchema requires the rotation_policy field, but
certificates created before the field existed have set to NULL. Thus
saving such certificates failed and probably caused other errors.
Made cert re-issuing (get_certificate_primitives) more strict so such
errors are harder to miss in the future.
2018-08-03 20:06:21 +03:00
Mike Grima
d6b482755b
Proper flask_restful boolean parsing.
...
This is documented here: https://github.com/flask-restful/flask-restful/issues/488
2018-07-30 13:49:41 -07:00
Curtis Castrapel
f93e938cda
no bare except
2018-07-20 10:53:47 -07:00
Curtis Castrapel
5a01840784
Explicit capture exception during create failure
2018-07-20 10:47:19 -07:00
Steven Reiling
7f3454128d
Adds an optional interval variable to notification service's
...
create_default_expiration_notifications and introduces a new optional
configuration variable, LEMUR_SECURITY_TEAM_EMAIL_INTERVALS, to allow admins
control over the centralized email notification defaults.
2018-07-13 14:08:31 -07:00
Marti Raudsepp
0398c6e723
Clean up module imports
...
Example:
* import lemur.common.utils -> from lemur.common import utils
* import sqlalchemy.types as types -> from sqlalchemy import types
2018-07-07 23:56:23 +03:00
Marti Raudsepp
d690ea32bc
Cache parsed certificate instead of re-parsing for each field
...
Use @cached_property decorator to cache the results of parse_certificate().
This significantly cuts down on the number of times certs need to be
parsed for a list view.
2018-07-03 17:31:44 +03:00
Marti Raudsepp
50846eb682
Expose certificate dateCreated via API
2018-07-02 18:24:18 +03:00
Curtis Castrapel
544a02ca3f
Addressing comments. Updating copyrights. Added function to determine authorative name server
2018-05-29 10:23:01 -07:00
Curtis Castrapel
a9b9b27a0b
fix tests
2018-05-10 12:58:04 -07:00
Curtis Castrapel
52e7ff9919
Allow specification of dns provider name only
2018-05-10 12:58:04 -07:00
Curtis
f4a010e505
Merge branch 'master' into master
2018-05-09 07:52:07 -07:00
Curtis Castrapel
6500559f8e
Fix issue with automatically renewing acme certificates
2018-05-08 14:54:10 -07:00
kevgliss
c26ae16060
fixing docs ( #1231 )
2018-05-08 10:58:48 -07:00
Curtis Castrapel
e68b3d2cbd
0.7 release
2018-05-07 09:58:24 -07:00
Curtis Castrapel
1be3f8368f
dyn support
2018-05-04 15:01:01 -07:00
Curtis Castrapel
3e64dd4653
Additional work
2018-05-04 15:01:01 -07:00
Curtis Castrapel
532872b3c6
dns_provider ui
2018-04-27 11:18:51 -07:00
Curtis Castrapel
7704f51441
Working acme flow. Pending DNS providers UI
2018-04-24 09:38:57 -07:00
Curtis Castrapel
44e3b33aaa
More stuff. Will prioritize this more next week
2018-04-20 14:49:54 -07:00
Curtis Castrapel
2d6d2357b5
DNS Providers list returned
2018-04-13 15:50:55 -07:00
Curtis Castrapel
b2e6938815
WIP: Add support for Acme/LetsEncrypt with DNS Provider integration
2018-04-13 15:50:54 -07:00
Curtis Castrapel
f6fd262618
DNS Providers list returned
2018-04-11 15:56:00 -07:00