Commit Graph

212 Commits

Author SHA1 Message Date
Vincent Desjardins
b35343786e Vault issuer support
vault remove duration
2018-05-02 00:45:55 +00:00
James Munnelly
944ed571fc Ensure challenge list gets updated after attempting authzs 2018-04-25 19:02:15 +01:00
James Munnelly
50a4bcfde2 Perform full validation flow for each challenge before checking next one 2018-04-25 19:02:15 +01:00
James Munnelly
d573e30878 Only perform one validation per identifier for a single order at a time 2018-04-25 19:02:15 +01:00
James Munnelly
4be42080eb Add ACMESolverConfigurationForAuthorization test 2018-04-25 18:17:01 +01:00
James Munnelly
c6e6b39fd2 Require asterisk denoted wildcard in acme solver config for wildcard certs 2018-04-25 17:34:21 +01:00
Tim
54067d5446 Add Key Encipherment bit to Key Usage extension
Google Chrome rejects the certificate for SSL connections if the Key Usage extension does not include the keyEncipherment purpose.
2018-04-17 16:25:10 -07:00
James Munnelly
5679f6257f Fix up self check failure error message 2018-04-12 19:31:29 +01:00
James Munnelly
611f1f3e0d Absorb HTTP client errors in acme http self check 2018-04-12 19:00:24 +01:00
James Munnelly
0a960d46b2 Fix bug in issue method preventing cert issuance 2018-04-12 16:50:03 +01:00
James Munnelly
70dde521a1 Set status conditions on validation success. Call WaitOrder instead of GetOrder in issue. 2018-04-11 23:30:54 +01:00
James Munnelly
336d01ac4a Update dns util tests 2018-04-11 19:39:36 +01:00
James Munnelly
ef51483cbc Merge pull request #5 from redbaron/acmev2-upstream
Fixes for ACME client http transport
2018-04-11 14:30:28 +01:00
James Munnelly
4a79203633 Run gofmt 2018-04-11 13:22:10 +01:00
Maxim Ivanov
c44a7552ea Check challenge before presenting it
With async challenge Check, it often happens,
that solver.Check() fails on first run after solver.Present()

Cert-manager then tries again, but starts with solver.Present(),
which not being idempotent right now fails on certain DNS providers.

This change swaps order of solver.Check() and solver.Present().
Check is not returning error if propagation not happened, it then
allows Present() to run.

In the current form, Present() will be spamming with errors,
but this doesn't stop Check from happening on every attempt,
so eventually Challenge can be verified and accepted. In the future,
Present() should be made idempotent.
2018-04-11 11:27:23 +01:00
James Munnelly
ce441d604f Enable DNS01 provider tests using cloudflare 2018-04-10 00:27:52 +01:00
James Munnelly
857420fbd3 Use adler32 hash for acme http01 resource labels 2018-04-09 23:27:16 +01:00
James Munnelly
c83b479b2f Remove extra CreateOrder event 2018-04-09 21:29:31 +01:00
James Munnelly
1d52cbeec7 Remove unused strings and standardise event reasons 2018-04-09 21:26:38 +01:00
James Munnelly
d197817fa7 Improve error reporting and use of status conditions 2018-04-09 21:17:51 +01:00
James Munnelly
e8e6785e9a Immediately create a new order if old one has expired 2018-04-09 20:08:18 +01:00
James Munnelly
1485546ed5 Clear ACME order URL if FinalizeOrder fails with 4xx error 2018-04-09 20:02:26 +01:00
James Munnelly
9aa3bb52a3 Fix invalid json tags 2018-04-09 19:44:16 +01:00
James Munnelly
801d882c4b Only manually remove challenges on successful validation 2018-04-09 19:29:02 +01:00
James Munnelly
8f2bab6f05 Fix infinite loop in logger middleware 2018-04-09 19:09:46 +01:00
James Munnelly
5a434865ad Add acme client logger middleware 2018-04-09 19:06:41 +01:00
James Munnelly
ae3b4836b5 Clean up successful validations. Fix up failed validation handling. 2018-04-09 18:16:02 +01:00
James Munnelly
99d7a7b99a Fix ACME DNS provider unit tests 2018-04-09 17:57:33 +01:00
Maxim Ivanov
bd84b7c29c Make acme client transport to be closer to DefaultTransport
Helps with things such as HTTP_PROXY env var handling
2018-04-09 17:46:29 +01:00
James Munnelly
b934852775 Merge branch 'master' into acmev2 2018-04-09 16:52:34 +01:00
James Munnelly
f1b3b4b962 Update CA issuer with changes to UpdateStatusCondition 2018-04-09 15:43:26 +01:00
James Munnelly
4b361348ef Rewrite ACME issuer to use new ACMEOrderChallenge struct 2018-04-09 15:40:32 +01:00
James Munnelly
3bde815cf2 Update DNS and HTTP provider to use challenge structs 2018-04-09 15:38:43 +01:00
jetstack-bot
9021767cb7 Merge pull request #432 from euank/jetstack/user-agent
Plumb a user-agent through pretty much everywhere
2018-04-09 11:14:31 +01:00
Euan Kemp
4e5a2d1646 issuer/dns/route53: append our user-agent 2018-04-06 18:09:17 -07:00
Euan Kemp
4d9b0e836e issuer/dns/akamai: set user-agent 2018-04-06 18:09:17 -07:00
Euan Kemp
34391f0726 issuer/dns/cloudflare: set user-agent 2018-04-06 18:09:17 -07:00
Euan Kemp
f122c9c9c2 issuer/acme: add a timeout to the http client 2018-04-06 18:09:17 -07:00
Euan Kemp
7f12fb346c issuer/acme: move 'user-agent' logic to util
This logic should be shared by things like the aws client as well.
2018-04-06 18:09:11 -07:00
Louis Taylor
0961e24174 Remove namespace from more places 2018-04-06 11:20:24 +01:00
James Munnelly
76f9f14357 Add TODO about cleaning up old authorization attempts 2018-04-05 00:17:03 +01:00
James Munnelly
838be2f54d Add getOrCreateOrder tests 2018-04-04 23:41:14 +01:00
James Munnelly
178a3a5eea Fix up bugs in unit testing framework 2018-04-04 23:40:44 +01:00
James Munnelly
8d3c2f2b25 Create 'getOrCreateOrder' function 2018-04-04 23:39:34 +01:00
James Munnelly
fde0a0010c Add missing GetOrder function to FakeACME 2018-04-04 23:38:19 +01:00
James Munnelly
211c60b449 Fix panic when an error occurs while creating an order 2018-04-04 23:38:03 +01:00
James Munnelly
f2ddd1d111 Change DNSNames/CommonNameForCertificate function to not return an error 2018-04-04 23:37:37 +01:00
jetstack-bot
acfc2f78d1 Merge pull request #322 from yieldlab/akamai-support
Add ACME DNS-01 provider for Akamai FastDNS
2018-04-04 18:26:22 +01:00
James Munnelly
6f71a8de57 Update comments 2018-04-04 18:16:01 +01:00
James Munnelly
7e663971fd Fix typo 2018-04-04 17:39:11 +01:00