[vhffs-dev] [GIT] vhffs4/vhffs.git branch, master, updated. 58f071982641fd9f72c6dc405fa44f6b43556116 |
[ Thread Index |
Date Index
| More vhffs.org/vhffs-dev Archives
]
- To: vhffs-dev@xxxxxxxxx
- Subject: [vhffs-dev] [GIT] vhffs4/vhffs.git branch, master, updated. 58f071982641fd9f72c6dc405fa44f6b43556116
- From: git@xxxxxxxxxxxxx
- Date: Thu, 25 Feb 2016 20:51:47 +0100
This is an automated email from git. It was enerated because a ref
change was pushed to the repository "vhffs4/vhffs.git".
The branch, master has been updated
via 58f071982641fd9f72c6dc405fa44f6b43556116 (commit)
via 0369402181195986a3385e876ddde1eca4c60283 (commit)
via 00bafea5f73ee96470cbb70d2d70c7fda2b40cd3 (commit)
via d625b475ed3cafae41350d4f14b9cbd930277a6b (commit)
via ab49af721c2d624928d5ba13c8da164e4a1cc12a (commit)
via acf60c6be0bd9abc8064d1e5cedb74708564679b (commit)
via 4b3974c5d5c362ca3dc41a1b7c5fb55c7b6f34da (commit)
via 341fc345cf530398cf396465d4a860a8df534437 (commit)
via 1b9e2b04c5fcab8368c2e63328dbf4bdcd344884 (commit)
via fd6c7bbe268d14ae0a16ce4469922161c6146758 (commit)
via 83efb894b7197d976ab77042c8ee8b884308c471 (commit)
via 3c03a401f4ba4f320716c6331be3a6427636caf1 (commit)
via c691d067d78c5029345301763ca91c2216676ce7 (commit)
via 13e1ee6974e1830eb6a767000ebfa65a193765fa (commit)
via c67269aa5ef3ec9c8df1f50ef0da7acea4e03717 (commit)
via 934ce996092920089ee83f0cdc65d39ea9bef10e (commit)
via d846445358d86556f0999e0377c8b973f3bf14f4 (commit)
via 326d4febe37413ee0b2dfc781145ac3ca08a4a8b (commit)
via c97a127d84580951d8633e9f6bca8b1c8d37fdf8 (commit)
via 0c4e1e475bea9546f4e54c224b31a1278b056191 (commit)
from 0bba71aa0b6db247ff5cfd018d638d258715f000 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 58f071982641fd9f72c6dc405fa44f6b43556116
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Thu Feb 25 09:44:23 2016 +0000
tls: robot: push openssl/letsencrypt process output into database in case of failure
When we failed to generate a certificate for some reason, push the
failure reason into database in order to ease finding out why it
failed.
commit 0369402181195986a3385e876ddde1eca4c60283
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Thu Feb 25 09:17:44 2016 +0000
tls: add output text column to vhffs_tls
We are willing to provide the output message from Let's Encrypt (or
anything else) in case of errors, to help diagnose why the certificate
failed to be generated. Add an output text column to vhffs_tls so
we can write it there.
commit 00bafea5f73ee96470cbb70d2d70c7fda2b40cd3
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Thu Feb 25 09:03:02 2016 +0000
tls: add missing index on vhffs_tls(valid)
commit d625b475ed3cafae41350d4f14b9cbd930277a6b
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Wed Feb 24 23:31:18 2016 +0000
tls: robot: sort domain names by alphabetical order in log output
Sort domain names by alphabetical order in log output, that's easier
to read and grep from logs.
commit ab49af721c2d624928d5ba13c8da164e4a1cc12a
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Wed Feb 24 23:28:11 2016 +0000
tls: robot: display faulty domain names from partial certificates in log
Append a (F) to domain names which were removed from certificate
while generating a partial certificate.
commit acf60c6be0bd9abc8064d1e5cedb74708564679b
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Wed Feb 24 23:17:43 2016 +0000
tls: robot: capture output from child processes
Whenever we can, capture the output from the called process. We might
need it.
commit 4b3974c5d5c362ca3dc41a1b7c5fb55c7b6f34da
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Wed Feb 24 22:55:11 2016 +0000
tls: robot: only include valid domain name
Remove domain name that failed to be added to certificates.
commit 341fc345cf530398cf396465d4a860a8df534437
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Wed Feb 24 22:47:55 2016 +0000
tls: robot: store correct domain valid bool for partial TLS certificate
Partial TLS certificate support might generate a domain with a partial
list of domains. Properly set the boolean we have in the vhffs_tls_domain
table to notify about this condition.
commit 1b9e2b04c5fcab8368c2e63328dbf4bdcd344884
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Wed Feb 24 21:57:35 2016 +0000
tls: get_domains now returns a hashref of Vhffs::Tls::Domain
We need to call Vhffs::Tls::Domain sub in Vhffs::Robots::Tls,
change Vhffs::Tls get_domains API to returns an hashref of
Vhffs::Tls::Domain objects instead of returning a array
of domains name.
commit fd6c7bbe268d14ae0a16ce4469922161c6146758
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Wed Feb 24 21:53:37 2016 +0000
tls: add Vhffs:Tls::Domain class
Add Vhffs:Tls::Domain class for vhffs_tls_domain database objects,
we need to change the vhffs_tls_domain.valid value and its very
nice this way.
commit 83efb894b7197d976ab77042c8ee8b884308c471
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Wed Feb 24 20:02:13 2016 +0000
tls: robot: add support for partial certificate
If all requested domains name failed, try to generate a partial
certificate by checking each domain individually then generate a partial
certificate. This is quite ressource intensive but it should not happen
very often.
commit 3c03a401f4ba4f320716c6331be3a6427636caf1
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Wed Feb 24 19:14:31 2016 +0000
tls: robot: rework _gencsr to use a domain list
In order to do subset tries in order to generate partial certificates
we need to be able to generate and check generation over a subset of
domain name. Change _gencsr to accept a domain list.
commit c691d067d78c5029345301763ca91c2216676ce7
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Wed Feb 24 19:03:40 2016 +0000
tls: robot: cosmetic changes
commit 13e1ee6974e1830eb6a767000ebfa65a193765fa
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Tue Feb 23 23:22:08 2016 +0000
tls: robot: move Let's Encrypt dry-run try into its own sub
commit c67269aa5ef3ec9c8df1f50ef0da7acea4e03717
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Tue Feb 23 23:13:12 2016 +0000
tls: robot: move existing CSR generation code into its own sub
commit 934ce996092920089ee83f0cdc65d39ea9bef10e
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Tue Feb 23 22:49:45 2016 +0000
tls: robot: reworked _create sub to pass error message to caller
We are going to need much more sub to handle partial certificate
support. Prepare previously used sub to a more generic error
passing.
commit d846445358d86556f0999e0377c8b973f3bf14f4
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Tue Feb 23 22:31:54 2016 +0000
tls: robot: fix theoretically possible temporary file leak
commit 326d4febe37413ee0b2dfc781145ac3ca08a4a8b
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Tue Feb 23 22:22:14 2016 +0000
tls: robot: code cleaning
Moved delete function at the end to easy module readability.
commit c97a127d84580951d8633e9f6bca8b1c8d37fdf8
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Tue Feb 23 22:18:01 2016 +0000
tls: robot: move CSR creation inside Let's Encrypt block
Prepare for partial certificates, move CSR creation inside Let's Encrypt block,
we will need to create CSR until it works.
commit 0c4e1e475bea9546f4e54c224b31a1278b056191
Author: Sylvain Rochet <gradator@xxxxxxxxxxxx>
Date: Tue Feb 23 21:48:59 2016 +0000
tls: add valid boolean column to vhffs_tls_domain
Prepare for partial certificate support, were we will try to request
a certificate for each domain separately if the full domain certificate
failed for some reason. This way, we would be able to support
certificates that do not contain all requested domains. Add a table
field to be able to report this condition to user.
We need to do that because the web area service is asking for
domain and www.domain, it works well with domain.tld and www.domain.tld
but it doesn't work well with patterns such as blog.domain.tld were
we are requesting blog.domain.tld and www.blog.domain.tld.
-----------------------------------------------------------------------
Summary of changes:
vhffs-api/src/Vhffs/Robots/Tls.pm | 359 ++++++++++++++++++++++-----------
vhffs-api/src/Vhffs/Tls.pm | 160 +++++++++++++--
vhffs-backend/src/pgsql/initdb.sql.in | 7 +-
vhffs-compat/from-4.5-to-4.6.sql | 12 ++
4 files changed, 402 insertions(+), 136 deletions(-)
hooks/post-receive
--
vhffs4/vhffs.git