Aldo Cortesi
ac1a700fa1
Make certificate not-before time 48 hours.
...
Fixes #200
2014-01-08 14:46:55 +13:00
Aldo Cortesi
d05c20d8fa
Domain checks for persistent cert store is now irrelevant.
...
We no longer store these on disk, so we don't care about path
components.
2013-12-08 13:15:08 +13:00
Aldo Cortesi
af8f98d493
Merge pull request #22 from fictivekin/custom-o-cn
...
allow specification of o, cn, expiry
2013-12-07 15:42:54 -08:00
Sean Coates
642b3f002e
remove tempfile and shutil imports because they're not actually used
2013-10-07 16:55:35 -04:00
Sean Coates
53b7c5abdd
allow specification of o, cn, expiry
2013-10-07 16:48:30 -04:00
Paul
98f765f693
Don't create a certificate request when creating a dummy cert
2013-09-24 21:18:41 +02:00
Aldo Cortesi
62edceee09
Revamp dummy cert generation.
...
We no longer use on-disk storage - we just keep the certs in memory.
2013-08-12 16:03:29 +12:00
Maximilian Hils
c9ab1c60b5
always read files in binary mode
2013-06-16 00:28:21 +02:00
Aldo Cortesi
7f0aa415e1
Add a request_client_cert argument to server SSL conversion.
...
By default, we now do not request the client cert. We're supposed to be able to
do this with no negative effects - if the client has no cert to present, we're
notified and proceed as usual. Unfortunately, Android seems to have a bug
(tested on 4.2.2) - when an Android client is asked to present a certificate it
does not have, it hangs up, which is frankly bogus. Some time down the track
we may be able to make the proper behaviour the default again, but until then
we're conservative.
2013-05-13 08:48:21 +12:00
Tim Becker
241465c368
extensions aren't supported in v1, set to v3 (value=2) if using them.
2013-04-19 15:37:14 +02:00
Aldo Cortesi
97e11a219f
Housekeeping and cleanup, some minor argument name changes.
2013-02-24 15:36:15 +13:00
Aldo Cortesi
c6f9a2d74d
More accurate description of an HTTP read error, make pyflakes happy.
2013-02-24 11:08:43 +13:00
Aldo Cortesi
00d20abdd4
Beef up client certificate handling substantially.
2013-01-20 22:13:38 +13:00
Aldo Cortesi
e4acace8ea
Sanity-check certstore common names.
2013-01-06 01:34:39 +13:00
Aldo Cortesi
91834ea78f
Generate certificates with a commencement date an hour in the past.
...
This helps smooth over small discrepancies in client and server times, where
it's possible for a certificate to seem to be "in the future" to the client.
2013-01-06 01:16:58 +13:00
Aldo Cortesi
72032d7fe7
Basic certificate store implementation and cert utils API cleanup.
2013-01-06 01:16:25 +13:00
Aldo Cortesi
728ef107a0
Ignore SAN entries that we don't understand.
2012-07-24 14:55:54 +12:00
Aldo Cortesi
a1a1663c0f
Fix cert path.
2012-07-20 14:45:58 +12:00
Maximilian Hils
9ab7842c81
fix relative certdir
2012-07-11 11:09:41 +02:00
Aldo Cortesi
7480f87cd7
Add utility function for converstion to PEM.
2012-06-28 14:56:21 +12:00
Aldo Cortesi
a1491a6ae0
Add a get_remote_cert method to tcp client.
2012-06-28 08:15:55 +12:00
Aldo Cortesi
b0ef9ad07b
Refactor certutils.SSLCert API.
2012-06-27 22:11:58 +12:00
Aldo Cortesi
f7fcb1c80b
Add certutils to netlib.
2012-06-27 16:42:00 +12:00