./security/py-acme, ACME protocol implementation in Python

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.20.0, Package name: py27-acme-0.20.0, Maintainer: filip

ACME (Automated Certificate Management Environment) protocol
implementation in Python.


Required to run:
[security/py-OpenSSL] [devel/py-setuptools] [time/py-pytz] [devel/py-mock] [lang/python27] [devel/py-requests] [lang/py-six] [time/py-rfc3339]

Required to build:
[devel/py-pbr] [pkgtools/cwrappers]

Master sites:

SHA1: dc61e4acdf47941997f8904e0288a219136fac6c
RMD160: b4b776d559c6ac0d36fbed606d1d52c829462b39
Filesize: 1082.167 KB

Version history: (Expand)


CVS history: (Expand)


   2017-12-09 17:39:04 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
Update security/py-{acme,certbot} to 0.20.0.

0.20.0 - 2017-12-06

- Certbot's ACME library now recognizes URL fields in challenge
  objects in preparation for Let's Encrypt's new ACME endpoint.
- The Apache plugin now parses some distro specific Apache
  configuration files on non-Debian systems allowing it to get a
  clearer picture on the running configuration.
- Certbot better reports network failures by removing information
  about connection retries from the error output.
- An unnecessary question when using Certbot's webroot plugin
  interactively has been removed.
- Certbot's NGINX plugin no longer sometimes incorrectly reports that
  it was unable to deploy a HTTP->HTTPS redirect when requesting
  Certbot to enable a redirect for multiple domains.
- Problems where the Apache plugin was failing to find directives and
  duplicating existing directives on openSUSE have been resolved.
- An issue running the test shipped with Certbot and some our DNS
  plugins with older versions of mock have been resolved.
- On some systems, users reported strangely interleaved output
  depending on when stdout and stderr were flushed.

0.19.0 - 2017-10-04

- Certbot now has renewal hook directories where executable files can
  be placed for Certbot to run with the renew subcommand.
- After revoking a certificate with the revoke subcommand, Certbot
  will offer to delete the lineage associated with the certificate.
- When using Certbot's Google Cloud DNS plugin on Google Compute
  Engine, you no longer have to provide a credential file to Certbot
  if you have configured sufficient permissions for the instance which
  Certbot can automatically obtain using Google's metadata service.
- When deleting certificates interactively using the delete
  subcommand, Certbot will now allow you to select multiple lineages
  to be deleted at once.
- Certbot's Apache plugin no longer always parses Apache's
  sites-available on Debian based systems and instead only parses
  virtual hosts included in your Apache configuration.
- The plugins subcommand can now be run without root access.
- certbot-auto now includes a timeout when updating itself so it no
  longer hangs indefinitely when it is unable to connect to the
  external server.
- An issue where Certbot's Apache plugin would sometimes fail to
  deploy a certificate on Debian based systems if mod_ssl wasn't
  already enabled has been resolved.
- A bug in our Docker image where the certificates subcommand could
  not report if certificates maintained by Certbot had been revoked
  has been fixed.
- Certbot's RFC 2136 DNS plugin (for use with software like BIND) now
  properly performs DNS challenges when the domain being verified
  contains a CNAME record.
   2017-08-04 00:12:17 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Update security/py-certbot and security/py-acme to 0.17.0.

### Added

- Support in our nginx plugin for modifying SSL server blocks that do
  not contain certificate or key directives.
- A `--max-log-backups` flag to allow users to configure or even completely
  disable Certbot's built in log rotation.
- A `--user-agent-comment` flag to allow people who build tools around Certbot
  to differentiate their user agent string by adding a comment to its default
  value.

### Changed

- Due to some awesome work by cryptography project, compilation can now be
  avoided on most systems when using certbot-auto.
- The `--renew-hook` flag has been hidden in favor of `--deploy-hook`.
- We have started printing deprecation warnings in certbot-auto for
  experimentally supported systems with OS packages available.
- A certificate lineage's name is included in error messages during renewal.

### Fixed

- Encoding errors that could occur when parsing error messages from the ACME
  server containing Unicode have been resolved.
- certbot-auto no longer prints misleading messages about there being a newer
  pip version available when installation fails.
- Certbot's ACME library now properly extracts domains from critical SAN
  extensions.
   2017-05-11 10:23:35 by Filip Hajny | Files touched by this commit (8) | Package updated
Log message:
Update py-certbot and py-acme to 0.14.0.
Use ALTERNATIVES to handle different Python versions better.

0.14.0 - 2017-05-04

Added

- Python 3.3+ support for all Certbot packages. certbot-auto still
  currently only supports Python 2, but the acme, certbot,
  certbot-apache, and certbot-nginx packages on PyPI now fully support
  Python 2.6, 2.7, and 3.3+.
- Certbot's Apache plugin now handles multiple virtual hosts per file.
- Lockfiles to prevent multiple versions of Certbot running
  simultaneously.

Changed

- When converting an HTTP virtual host to HTTPS in Apache, Certbot
  only copies the virtual host rather than the entire contents of the
  file it's contained in.
- The Nginx plugin now includes SSL/TLS directives in a separate file
  located in Certbot's configuration directory rather than copying the
  contents of the file into every modified server block.

Fixed

- Ensure logging is configured before parts of Certbot attempt to log
  any messages.
- Support for the --quiet flag in certbot-auto.
- Reverted a change made in a previous release to make the acme and
  certbot packages always depend on argparse. This dependency is
  conditional again on the user's Python version.
- Small bugs in the Nginx plugin such as properly handling empty
  server blocks and setting server_names_hash_bucket_size during
  challenges.
   2017-04-11 08:32:32 by Filip Hajny | Files touched by this commit (1)
Log message:
Fix py-requests dependency version
   2017-04-10 12:29:38 by Filip Hajny | Files touched by this commit (2)
Log message:
Fix stale and missing dependencies in py-acme and py-certbot. PKGREVISION++
   2017-02-07 15:03:14 by Thomas Klausner | Files touched by this commit (1) | Package updated
Log message:
Updated py-acme to 0.11.1.

No concise changelog found. ~30 bugs/issues fixed.
   2017-01-25 13:34:07 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update py-acme and py-certbot to 0.10.1.

All py-certbot self tests pass.
39 self test failures in py-acme (running py.test), one core dump
in openssl (running make test).

Changes:
Test bug fixes
   2017-01-12 17:02:44 by Filip Hajny | Files touched by this commit (6) | Package updated
Log message:
Update security/py-{acme,certbot} to 0.10.0.

No changelog released, commits closed for 0.10.0:
- Stop IDisplay AssertionErrors
- Add update_symlinks to "--help manage"
- Hide rename command for 0.10.0
- Disable rename command for 0.10.0
- Break on failure to deploy cert
- Incorrect success condition in nginx
- certbot delete and rename evoke IDisplay
- Put update_symlinks in certbot --help manage
- Fix Error Message for invalid FQDNs
- pyopenssl inject workaround
- pyparsing.restOfLine is not a function, don't call it
- Add information on updating [certbot|letsencrypt]-auto
- Remove quotes so tilde is expanded
- Correctly report when we skip hooks during renewal
- Add line number to Augeas syntax error message
- Mention line in (Apache) conf file in case of Augeas parse/syntax
  error
- Fixes #3954 and adds a test to prevent regressions
- Further OCSP improvements
- `-n` doesn't like `force_interactive`?
- Save allow_subset_of_names in renewal conf files
- I promise checklists are OK (fixes #3934)
- Return domains for _find_domains_or_certname
- --cert-name causes explosions when trying to use "run" as an installer
- Interactivity glitch in git master
- Document some particularities of the revoke subcommand
- test using os.path.sep not hardcoded /
- Save --pre and --post hooks in renewal conf files, and run them in a
  sophisticated way
- Don't add ServerAlias directives when the domain is already covered by
  a wildcard
- Mitigate problems for people who run without -n
- Use relative paths for livedir symlinks
- Implement delete command
- Use isatty checks before asking new questions
- Ensure apt-cache is always running in English if we're going to grep
- Sort the names by domain (then subdomain) before showing them
- Merge the manual and script plugins
- --allow-subset-of-names should probably be a renewalparam
- Fix certbox-nginx address equality check
- Implement our fancy new --help output
- Make renew command respect the --cert-name flag
- Error when using non-english locale on Debian
- Document defaults
- Improve simple --help output
- Add pyasn1 back to le-auto
- Mark Nginx vhosts as ssl when any vhost is on ssl at that address
- Fully check for Nginx address equality
- Preserve --must-staple in configuration for renewal (#3844)
- Git master certbot is making executable renewal conf files?
- Improve the "certbot certificates" output
- Renewal: Preserve 'OCSP Must Staple' (option --must-staple)
- Security enhancement cleanup
- Parallalelise nosetests from tox
- "certbot certificates" is API-like, so make it future-proof
- Fix LE_AUTO_SUDO usage
- Remove the sphinxcontrib.programout [docs]dependency
- No more relative path connection from live-crt to archive-crt files
- Ensure tests pass with openssl 1.1
- Output success message for revoke command
- acme module fails tests with openssl 1.1
- Pin pyopenssl 16.2.0 in certbot-auto
- Fixed output of `certbot-auto --version`(#3637).
- Take advantage of urllib3 pyopenssl rewrite
- Busybox support
- Fix --http-01-port typo at source
- Implement the --cert-name flag to select a lineage by its name.
- Fix reinstall message
- Changed plugin interface return types (#3748).
- Remove letshelp-letsencrypt
- Bump pyopenssl version
- Bump python-cryptography to 1.5.3
- Remove get_all_certs_keys() from Apache and Nginx
- Further merge --script-* with --*-hook
- Certbot opens curses sessions for informational notices, breaking
  automation
- Fix writing pem files with Python3
- Strange reinstallation errors
- Don't re-add redirects if one exists
- Use subprocess.Popen.terminate instead of os.killpg
- Generalize return types for plugin interfaces
- Don't re-append Nginx redirect directive
- Cli help is sometimes wrong about what the default for something is
- [certbot-auto] Bump cryptography version to 1.5.2
- python-cryptography build failure on sid
- Remove sphinxcontrib-programoutput dependency?
- Allow notification interface to not wrap text
- Fix non-ASCII domain check.
- Add renew_hook to options stored in the renewal config, #3394
- Where oh where has sphinxcontrib-programoutput gone?
- Remove some domain name checks.
- Allowing modification check to run using "tox"
- How to modify *-auto
- Don't crash when U-label IDN provided on command line
- Add README file to each live directory explaining its contents.
- Allow user to select all domains by typing empty string at checklist
- Fix issue with suggest_unsafe undeclared
- Update docs/contributing.rst to match display behavior during release.
- Referencing unbound variable in certbot.display.ops.get_email
- Add list-certs command
- Remove the curses dialog, thereby deprecating the --help and --dialog
  command line options
- Remove the curses dialog, thereby deprecating the --help and --dialog
  command line options
- Specify archive directory in renewal configuration file
- 0.9.1 fails in non-interactive use (pythondialog, error opening
  terminal)
- Allow certbot to get a cert for default_servers
- [nginx] Cert for two domains in one virtaulhost fails
- [nginx] --hsts and --uir flags not working?
- `certbot-auto --version` still says `letsencrypt 0.9.3` (should say
  `certbot 0.9.3`?)
- Add a cli option for "all domains my installer sees"
- Stop rejecting punycode domain names
- Standalone vs. Apache for available ports
- nginx-compatibility-weirdness
- Support requesting IDNA2008 Punycode domains
- Cert Management Improvement Project (C-MIP)
- Add --lineage command line option for nicer SAN management.
- Fix requirements.txt surgery in response to shipping certbot-nginx
- Use correct Content-Types in headers.
- Missing Content-Type 'application/json' in POST requests
- Script plugin
- Inconsistent error placement
- Server alias [revision requested]
- When getopts is called multiple time we need to reset OPTIND.
- certbot-auto: Print link to doc on debugging pip install error
  [revision requested]
- Update ACME error namespace to match the new draft.
- Update errors to match latest ACME version.
- Testing the output of build.py against lea-source/lea
- Make return type of certbot.interfaces.IInstaller.get_all_keys_certs()
  an iterator
- Fix requirements file surgery for 0.10.0 release
- Update Where Are My Certs section.
- Hooks do not get stored in renewal config file
- Multiple vhosts
- Bind to IPv6, fix the problem of ipv6 site cannot generate / renew
  certificate [revision requested]
- Warning message for low memory servers
- Run simple certbot-auto tests with `tox`
- letsencrypt-auto-source/letsencrypt-auto should be the output of
  build.py
- DialogError should come with --text instructions
- Support correct error namespace
- Verification URL after successful certificate configuration can't be
  opened from terminal
- Use appropriate caution when handling configurations that have complex
  rewrite logic
- `revoke` doesn't output any status
- adding -delete option to remove the cert files
- Stop using simple_verify in manual plugin
- Ways of specifying what to renew
- Allow removing SAN from multidomain certificate when renewing
- Dialog is sometimes ugly
- Allow user to override sudo as root authorization method [minor
  revision requested]
- Add a README file to each live directory explaining its contents
- ExecutableNotFound