Commit Graph

22 Commits

Author SHA1 Message Date
Aldo Cortesi d05c20d8fa Domain checks for persistent cert store is now irrelevant.
We no longer store these on disk, so we don't care about path
components.
2013-12-08 13:15:08 +13:00
Aldo Cortesi af8f98d493 Merge pull request #22 from fictivekin/custom-o-cn
allow specification of o, cn, expiry
2013-12-07 15:42:54 -08:00
Sean Coates 642b3f002e remove tempfile and shutil imports because they're not actually used 2013-10-07 16:55:35 -04:00
Sean Coates 53b7c5abdd allow specification of o, cn, expiry 2013-10-07 16:48:30 -04:00
Paul 98f765f693 Don't create a certificate request when creating a dummy cert 2013-09-24 21:18:41 +02:00
Aldo Cortesi 62edceee09 Revamp dummy cert generation.
We no longer use on-disk storage - we just keep the certs in memory.
2013-08-12 16:03:29 +12:00
Maximilian Hils c9ab1c60b5 always read files in binary mode 2013-06-16 00:28:21 +02:00
Aldo Cortesi 7f0aa415e1 Add a request_client_cert argument to server SSL conversion.
By default, we now do not request the client cert. We're supposed to be able to
do this with no negative effects - if the client has no cert to present, we're
notified and proceed as usual.  Unfortunately, Android seems to have a bug
(tested on 4.2.2) - when an Android client is asked to present a certificate it
does not have, it hangs up, which is frankly bogus.  Some time down the track
we may be able to make the proper behaviour the default again, but until then
we're conservative.
2013-05-13 08:48:21 +12:00
Tim Becker 241465c368 extensions aren't supported in v1, set to v3 (value=2) if using them. 2013-04-19 15:37:14 +02:00
Aldo Cortesi 97e11a219f Housekeeping and cleanup, some minor argument name changes. 2013-02-24 15:36:15 +13:00
Aldo Cortesi c6f9a2d74d More accurate description of an HTTP read error, make pyflakes happy. 2013-02-24 11:08:43 +13:00
Aldo Cortesi 00d20abdd4 Beef up client certificate handling substantially. 2013-01-20 22:13:38 +13:00
Aldo Cortesi e4acace8ea Sanity-check certstore common names. 2013-01-06 01:34:39 +13:00
Aldo Cortesi 91834ea78f Generate certificates with a commencement date an hour in the past.
This helps smooth over small discrepancies in client and server times, where
it's possible for a certificate to seem to be "in the future" to the client.
2013-01-06 01:16:58 +13:00
Aldo Cortesi 72032d7fe7 Basic certificate store implementation and cert utils API cleanup. 2013-01-06 01:16:25 +13:00
Aldo Cortesi 728ef107a0 Ignore SAN entries that we don't understand. 2012-07-24 14:55:54 +12:00
Aldo Cortesi a1a1663c0f Fix cert path. 2012-07-20 14:45:58 +12:00
Maximilian Hils 9ab7842c81 fix relative certdir 2012-07-11 11:09:41 +02:00
Aldo Cortesi 7480f87cd7 Add utility function for converstion to PEM. 2012-06-28 14:56:21 +12:00
Aldo Cortesi a1491a6ae0 Add a get_remote_cert method to tcp client. 2012-06-28 08:15:55 +12:00
Aldo Cortesi b0ef9ad07b Refactor certutils.SSLCert API. 2012-06-27 22:11:58 +12:00
Aldo Cortesi f7fcb1c80b Add certutils to netlib. 2012-06-27 16:42:00 +12:00