* This is a fix for a potential security issue; the old code had edge
cases with unexpected behavior.
* LEMUR_RESTRICTED_DOMAINS is no more, instead LEMUR_WHITELISTED_DOMAINS
is a list of *allowed* domain name patterns. Per discussion in PR #600
* Domain restrictions are now checked everywhere: in domain name-like
CN (common name) values and SAN DNSNames, including raw CSR requests.
* Common name values that contain a space are exempt, since they cannot
be valid domain names.
You guys asked for one that worked... It took me a little while to tweak, esp. since I'm not a guru with python. The comment about needing mod_wsgi isn't true, unless you want to run lemur as a cgi program... I suspect that's from an older version that ran as cgi and not as a standalone webserver.
* added steps for loading custom plugin
added steps for loading a custom plugin into Lemur once the files have been put into place (/www/lemur/lemur/plugins/) and the setup.py file (/www/lemur/setup.py) has been modified.
* updated __init__.py section
except Exception as e:
This way IDEs can verify method overrides in subclasses, otherwise these
are flagged as erroneous.
Changed base classes to properly raise NotImplementedError; previously
they would cause "TypeError: exceptions must derive from BaseException"
Also fixed exception handling in sources.service.clean().
Mostly typos, grammar errors and inconsistent indentation in code
examples.
Some errors detected using Topy (https://github.com/intgr/topy), all
changes verified by hand.
* Enabling the specification of a default authority, if no default is found then the first available authority is selected
* PEP8
* Skipping tests relying on keytool
* Implement CFSSL issuer plugin
Implement a Lemur plugin for generating certificates from the open
source certificate authority CFSSL
(https://github.com/cloudflare/cfssl). The plugin interacts with CFSSL
through the CFSSL REST API. The CFSSL configuration is defined in the
lemur.conf.py property file using property names prefixed with "CFSSL_".
* Update documentation to include CFSSL plugin