]>
WPIA git - gigi.git/log
Lucas Werkmeister [Tue, 7 Feb 2017 23:36:51 +0000 (00:36 +0100)]
Temporarily disable SystemCallFilter
systemd applies drop-ins in lexicographical order (to be documented by
systemd/systemd#5262), hence the Z- prefix.
Change-Id: I589b9a4fae5cd5dd107f58f734558bfa31517f4b
Felix Dörre [Tue, 7 Feb 2017 09:17:38 +0000 (10:17 +0100)]
upd: enhance "CSRF-missing" test case exception for better debuging
Change-Id: I3dce9fb7da31987044b23dcf8310af44f64855fb
Felix Dörre [Mon, 6 Feb 2017 22:46:29 +0000 (23:46 +0100)]
upd: move external keywords to own class
Change-Id: Iad887cf134103ed6d26aa32d1358c23de0eeebae
Felix Dörre [Mon, 6 Feb 2017 22:45:13 +0000 (23:45 +0100)]
fix: display verify information only when verification token is known.
Change-Id: I12ea06f13fddc3ad931751e9751f7d87fefd6c60
Felix Dörre [Thu, 19 Jan 2017 11:30:34 +0000 (12:30 +0100)]
fix: make the pinger daemon keep cool when missing database connection
Change-Id: Ic207edc3ab008ac765787146e9752bcd0f867f9b
Lucas Werkmeister [Fri, 27 Jan 2017 11:35:10 +0000 (12:35 +0100)]
fix: add ioctl to SystemCallFilter
Apparently Java needs this to read data from a socket, but only in some
circumstances (Felix says only HTTP domain check was broken, HTTPS check
worked fine).
Change-Id: Ia1b54ef364b282631b44a8313570dafae6b8c5d4
Lucas Werkmeister [Wed, 18 Jan 2017 13:06:39 +0000 (14:06 +0100)]
upd: add more sandboxing directives to gigi-proxy.service
Most notably, the set of permitted syscalls excludes fork and many file
system commands like unlink or rmdir.
Change-Id: I87827f6ed0025570288611cf257c6e3a01769593
Felix Dörre [Tue, 10 Jan 2017 21:44:36 +0000 (22:44 +0100)]
add: fix own host name on certificate issue page
Change-Id: I7fa0e2df8afbe78017067ef8e80c9ecf3a07ca68
Felix Dörre [Tue, 3 Jan 2017 10:35:19 +0000 (11:35 +0100)]
add: detect a quiz-admin directly in gigi
Change-Id: I21854cbafae2a676db624b46975624f31a49d549
Felix Dörre [Fri, 30 Dec 2016 12:01:43 +0000 (13:01 +0100)]
fix: restrict access to CATS-API even more
Change-Id: Idb32bf7e12e0f2704541108afb9a5fcc3e0762a7
Felix Dörre [Fri, 23 Dec 2016 10:45:21 +0000 (11:45 +0100)]
fix: greatly improve performance of often-executed ping-fetch-query
Change-Id: Ic574b193f65f1fd362bf7451fe343e0caa788910
Felix Dörre [Fri, 30 Dec 2016 10:13:37 +0000 (11:13 +0100)]
add: yet another nucleus test
Change-Id: I83cb4a944f8d9e26447535b0672f87a4344458e5
Felix Dörre [Fri, 30 Dec 2016 09:44:06 +0000 (10:44 +0100)]
fix: counting of nucleus verifications
Change-Id: I4a76e579049d822d3280ffc4570f5f2248cac9a4
Felix Dörre [Thu, 29 Dec 2016 16:50:51 +0000 (17:50 +0100)]
fix: send password reset emails to the correct user
Change-Id: I6e88d9fd742255a30a9572f446a3d2b35fb0fcf0
Felix Dörre [Fri, 23 Dec 2016 10:46:53 +0000 (11:46 +0100)]
add: Implement use of Cisco Umbrella 1 Million domain list
as source for high-financial-value-domains
Information about the list is available here:
http://s3-us-west-1.amazonaws.com/umbrella-static/index.html
Blogpost about it:
https://blog.opendns.com/2016/12/14/cisco-umbrella-1-million/
Change-Id: I5d8183f5dd09e3b033301cec59b3fa1e820f236c
Felix Dörre [Thu, 15 Dec 2016 09:20:39 +0000 (10:20 +0100)]
fix: Exception when using TestManager functionality
a constant date gets older than two years at some point in time
Change-Id: I804b06258d27f535a7e9af2dd75223f099170fd0
Felix Dörre [Thu, 8 Dec 2016 15:53:28 +0000 (16:53 +0100)]
fix: generate correct urls to static resources
Change-Id: Ibd337a102b6362fa601fc38aed68031677d3ad5d
Felix Dörre [Sun, 27 Nov 2016 15:10:34 +0000 (16:10 +0100)]
upd: enforce serverAuth EKU for SSL-pings
Change-Id: Ia98447b476eb1e6b60c7471208c7cf965e482aea
Felix Dörre [Sun, 27 Nov 2016 15:14:38 +0000 (16:14 +0100)]
upd: in SSLPinger move serverAuth EKU OID to a constant
Change-Id: Ic4714e6af8a00cc58e69de2def7e9dc1bbbaff05
Felix Dörre [Sun, 27 Nov 2016 00:06:41 +0000 (01:06 +0100)]
fix: allow SSLPinger to process certs without EKU
Change-Id: Ic4c8de9e4cf5ce617dcd5613296c473678596392
Felix Dörre [Tue, 22 Nov 2016 08:30:21 +0000 (09:30 +0100)]
fix: send unsigned mail correctly
Change-Id: I12c008ceab2e0bb7b97eb329141ef2ec82dc71f4
Felix Dörre [Mon, 31 Oct 2016 09:52:52 +0000 (10:52 +0100)]
upd: use try-with-resources to protect JDBC-Statement
Change-Id: I5084448dc134d47da6aaa0dd6ed53b4aacb1c994
Felix Dörre [Tue, 25 Oct 2016 10:26:12 +0000 (12:26 +0200)]
fix: correct SQL query for issuing repings.
Change-Id: Ibabc4851514b1ebe353c6feb1e369353728f6bae
Felix Dörre [Thu, 10 Nov 2016 11:36:36 +0000 (12:36 +0100)]
upd: use "PartOf" relation in gigi-proxy.service
This enables puppet to simply manage gigi-proxy.socket
by ensuring that a restart of gigi-proxy.socket will
also restart gigi-proxy.service.
Change-Id: I96a51f38cfb4c0f5d6b5efd7a8425d90a17534b6
Felix Dörre [Thu, 10 Nov 2016 17:59:15 +0000 (18:59 +0100)]
fix: fixed date in testcases
Change-Id: I29fbf97a27309a54ed4d36463799b92ccf8a6edd
Lucas Werkmeister [Sun, 16 Oct 2016 16:22:30 +0000 (18:22 +0200)]
Merge "fix: resource leak in template fast-debug code"
Benny Baumann [Sun, 16 Oct 2016 16:22:28 +0000 (18:22 +0200)]
Merge "add: email-management-api"
Lucas Werkmeister [Sun, 16 Oct 2016 16:20:53 +0000 (18:20 +0200)]
Merge "upd: more realistic content-type for cert-downloads from API"
Felix Dörre [Fri, 7 Oct 2016 22:19:04 +0000 (00:19 +0200)]
fix: resource leak in template fast-debug code
Change-Id: I570f997bb3e61d916ccc2dfd0ad23c8225ee9020
Felix Dörre [Mon, 3 Oct 2016 12:03:38 +0000 (14:03 +0200)]
add: email-management-api
Change-Id: I4f7ca7b68e9222520738fb329ba390b07fd74b10
Felix Dörre [Mon, 3 Oct 2016 12:03:27 +0000 (14:03 +0200)]
upd: more realistic content-type for cert-downloads from API
Change-Id: I4ad6ee5c27d680cbf4750fe9d8c3a754c9a58590
Benny Baumann [Sun, 9 Oct 2016 16:20:16 +0000 (18:20 +0200)]
Merge "upd: improve digest explanation and make SHA512 default"
Lucas Werkmeister [Mon, 3 Oct 2016 16:15:22 +0000 (18:15 +0200)]
upd: improve digest explanation and make SHA512 default
See #119.
Change-Id: Ia481947c3dff9b6a9770462185c5a12f0f1d996b
Felix Dörre [Mon, 3 Oct 2016 12:02:01 +0000 (14:02 +0200)]
upd: use same-protocol-prefixes for static-links
Change-Id: I0e556b4dde914e0c8eeaccb9c6e5c703225a46ff
Felix Dörre [Thu, 29 Sep 2016 21:05:51 +0000 (23:05 +0200)]
upd: change mail footer so it is recognized by at least thunderbird.
note: significant whitespace at the end of line 5. This whitespace is
required for thunderbird to recognize the footer.
Change-Id: I3eff5903146a5b11ef522f0cb4dba1696dca2c9e
Felix Dörre [Tue, 4 Oct 2016 08:07:55 +0000 (10:07 +0200)]
Merge "fix: #112 use term “country”, not “state”"
Lucas Werkmeister [Tue, 27 Sep 2016 10:09:28 +0000 (12:09 +0200)]
fix: #112 use term “country”, not “state”
Continuation of
a1618d1 .
CertificateOwner.getById() has to be updated because users.country and
organisations.country now clash.
The User constructor is updated for consistency with the Organisation
constructor.
Change-Id: I0aeaf47fa8627ba5c4a5b35f15804e283e4a55b3
Lucas Werkmeister [Mon, 3 Oct 2016 12:35:15 +0000 (14:35 +0200)]
upd: add Also= directive to gigi-proxy.service
When the service is installed/deinstalled, install/deinstall the
accompanying socket as well. (But not the other way around: you can
install the socket alone, so that the service will only be started
on-demand.)
See systemd.unit(5).
Change-Id: I3fd4af0617e1191c96af82ae1c6491feb9dfc654
Felix Dörre [Fri, 23 Sep 2016 16:57:16 +0000 (18:57 +0200)]
upd: make output of Find-Agent-info JSON-formatted
Change-Id: I773aaff596314e83b63e8555ff8e85fce1c2cf55
Felix Dörre [Tue, 27 Sep 2016 23:21:32 +0000 (01:21 +0200)]
Merge branch 'libs/json/local'
Change-Id: Ie68cd2871a8abba4386d089f25da628ba69335cc
Felix Dörre [Tue, 27 Sep 2016 23:15:10 +0000 (01:15 +0200)]
upd: remove json-pointer feature
Change-Id: I7c19cbfbf4de25ca7545ae93f574d597b7d723dd
Felix Dörre [Tue, 27 Sep 2016 14:12:24 +0000 (16:12 +0200)]
add: import org.json
Change-Id: Ia39786f4396e70551aac44ce99ebc664366b4b0a
Felix Dörre [Tue, 27 Sep 2016 14:08:26 +0000 (16:08 +0200)]
add: import script for json.org
Change-Id: I2d67e7ce167e2ddc5a4a5d439835a0bc33861a30
Benny Baumann [Tue, 27 Sep 2016 18:21:21 +0000 (20:21 +0200)]
Merge "Fix error message"
Lucas Werkmeister [Tue, 27 Sep 2016 14:27:53 +0000 (16:27 +0200)]
Fix error message
Change-Id: Ice3d62d7f75165df86c6dce60dbc6d3e9c769918
Felix Dörre [Thu, 22 Sep 2016 21:49:48 +0000 (23:49 +0200)]
upd: make verification processes more consistent on failure
Change-Id: I0a1dfd77fea5f9b365cc166196d0068607cc2b5d
Felix Dörre [Thu, 22 Sep 2016 21:47:58 +0000 (23:47 +0200)]
fix: content of mail footer
Change-Id: I866901be3862c3646ff7911ee698c1ad23f934a6
Felix Dörre [Wed, 21 Sep 2016 11:22:21 +0000 (13:22 +0200)]
fix: S/MIME signature
See https://tools.ietf.org/html/rfc5751#section-3.1.1 for reference.
Change-Id: I9fcd558182395ec83cadb42c0d2bc5c785d49864
Benny Baumann [Tue, 20 Sep 2016 19:23:41 +0000 (21:23 +0200)]
Merge "add: support configuring SetUID behavior"
Lucas Werkmeister [Wed, 7 Sep 2016 13:03:47 +0000 (15:03 +0200)]
add: support configuring SetUID behavior
- It is now possible to skip the setuid step altogether by setting both
UID and GID to the special value -1.
- The Java code now verifies that the values are in range for an
unsigned 16-bit ID.
- The C code now verifies that the cast from jint to uid_t/gid_t does
not overflow.
- The C code now skips setuid() or setgid() if the real and effective ID
are already the desired ID.
The 16-bit limit is somewhat arbitrary. Some old UNIX systems, such as
PWB/UNIX, supported only 8-bit IDs (see for example
/usr/man/man2/getuid.2 in Henry Spencer’s tarball); Wikipedia claims
that some other UNIX systems used 15-bit values, but does not specify
which systems; Linux originally supported 16-bit IDs but then added
support for 32-bit IDs with new syscalls in Linux 2.4. On Debian
systems, the nobody user (default setuid target) is 65534, so we need to
allow at least 16-bit IDs, otherwise the default value is invalid.
Change-Id: I66600572016b18d5ff550560048cdf691dec85e8
Felix Dörre [Sat, 17 Sep 2016 20:49:13 +0000 (22:49 +0200)]
add: javadoc to "Certificate"'s constructor
Change-Id: I7f35343fde31b7eb3edf41a133d3600dd56338d9
Felix Dörre [Fri, 16 Sep 2016 12:58:05 +0000 (14:58 +0200)]
upd: factor out default client certificate profile
Change-Id: Ief1459b17cd820d0d635e89230904d2c46cd69b2
Felix Dörre [Fri, 16 Sep 2016 11:05:18 +0000 (13:05 +0200)]
add: constant for "secure." server name
Change-Id: I7cfac77e65cf965d9d7f04622e6c6322880b506e
Felix Dörre [Thu, 15 Sep 2016 18:34:49 +0000 (20:34 +0200)]
add: test redirect after login
Change-Id: I3caf0a1641a1673e13d68a5c8b9ec4885729811b
Felix Dörre [Thu, 15 Sep 2016 18:34:36 +0000 (20:34 +0200)]
fix: redirect-back after login
Change-Id: Ib416aed3f5c64909593172dcaa378fbcbd59c183
Felix Dörre [Thu, 15 Sep 2016 09:36:16 +0000 (11:36 +0200)]
add: testcase for successful certificate login
Change-Id: Ie6efe2d2a5ab6e14ca3eee95db9c5e99e498b2ce
Felix Dörre [Thu, 15 Sep 2016 07:50:53 +0000 (09:50 +0200)]
fix: deadlock possibility in "DatabaseConnection"
Change-Id: I987cd3d9a0940f1fe3cf9289ec7512b785eca5df
Felix Dörre [Thu, 15 Sep 2016 07:50:37 +0000 (09:50 +0200)]
fix: certlogin. There was a "toLower" needed instead of an "toUpper"
Change-Id: Ie233b6e920ec486a7e59d100681e86856bc7485c
INOPIAE [Thu, 15 Sep 2016 05:53:19 +0000 (07:53 +0200)]
fix: broken hyperlink formatting
Change-Id: I8209324d6fc9dbb8d5e1f0098155a3b3f3e60591
Felix Dörre [Wed, 14 Sep 2016 19:45:01 +0000 (21:45 +0200)]
Merge "upd: native Makefile improvements"
Felix Dörre [Wed, 14 Sep 2016 19:44:56 +0000 (21:44 +0200)]
Merge "upd: modified text displayed during certificate creation process"
Felix Dörre [Sat, 10 Sep 2016 14:18:48 +0000 (16:18 +0200)]
add: js-managed default values for certificate-issue-form
Change-Id: I73713d708f5fdbd505f408b6b19a7a0f7fab813b
INOPIAE [Sat, 10 Sep 2016 11:11:15 +0000 (13:11 +0200)]
upd: modified text displayed during certificate creation process
Change-Id: Ic3038b764e213e6d904ff25c115818d9b4496f7a
Felix Dörre [Sun, 11 Sep 2016 18:44:25 +0000 (20:44 +0200)]
fix: translation strings in "VerificationAgentEntered.templ"
no need to start a translation string when there is nothing
to translate
Change-Id: I2922810f617f1d9e3ec451574134dbb947c474a3
Felix Dörre [Sun, 11 Sep 2016 08:46:54 +0000 (10:46 +0200)]
upd: use serials lowercase-only
Change-Id: Ia30c803c25f6b593086df614ce1d711c1be84ebf
Felix Dörre [Sat, 10 Sep 2016 14:22:37 +0000 (16:22 +0200)]
fix: postgres conditional expression in SimpleSigner error query.
Change-Id: Ia55d3c3c5baf251c7f748153dc727a131502fe87
Felix Dörre [Sat, 10 Sep 2016 14:02:10 +0000 (16:02 +0200)]
fix: simple signer correctly parse profile-EKUs
Change-Id: Iec644be800d86fe687acccf779383e90a68bd780
Felix Dörre [Fri, 9 Sep 2016 23:37:33 +0000 (01:37 +0200)]
upd: enforce a more strict Form call pattern.
form management is now split into:
- initial generation (typically in doGet)
- actual submitting (typically in beforePost) resulting in
- an error (permament or non-permament)
- a submission result
- redirect
- success message
- custom
- re-emitting if needed (typically in doPost)
Change-Id: Ic226bb886a513b6dfbd844294d2092b653c5df5b
Lucas Werkmeister [Fri, 9 Sep 2016 20:19:31 +0000 (22:19 +0200)]
upd: native Makefile improvements
- Remove optimization. We don't need it, and -O3 in particular can
introduce bugs.
- Move -I directives to preprocessor flags.
- Add a separate goal for the header file instead of using shell &&.
- Use the special variable $(RM) to remove files, and ignore failures if
some files don't exist.
Change-Id: Icb7bd684bae6bdb860712a4e24d880b265db292a
Felix Dörre [Mon, 5 Sep 2016 17:05:17 +0000 (19:05 +0200)]
upd: use a more strict pattern for handling forms
Change-Id: I55e1087868820e652fccc7454c9ae290b6947119
Felix Dörre [Fri, 9 Sep 2016 12:07:05 +0000 (14:07 +0200)]
fix: make simple signer select CA certificate better.
Change-Id: I51d3a7849c1d5899a80c93c7222a2e97a3ff5dba
Lucas Werkmeister [Fri, 9 Sep 2016 12:47:57 +0000 (14:47 +0200)]
fix: add CAP_SETGID to gigi-standalone bounding set
I thought CAP_SETUID included CAP_SETGID, but that’s not the case, and
we need both.
Change-Id: I83adef1bec4baea2a4bd28aafe8c1686f2932014
INOPIAE [Mon, 22 Aug 2016 08:24:15 +0000 (10:24 +0200)]
add: test case for user opt-in notification for RA Agents
Change-Id: I896cb3d9f6c6f894001cb8d26f6a84f8b3fc8e6c
INOPIAE [Fri, 19 Aug 2016 13:22:27 +0000 (15:22 +0200)]
add: implement opt-in for notification of RA Agent
Sets the opt-in value for an RA Agent to receive a notification for
every Verification he enters and sends notification if value is given.
fixes issue #95
Change-Id: I4a544712831aa45b9b5ec252c79834c1f10fb179
Felix Dörre [Wed, 7 Sep 2016 20:58:55 +0000 (22:58 +0200)]
Merge changes Ia0c9d6da,I9e50cc2d
* changes:
add: tests for EditDistance
add: improvement of template parsing
Johannes Bechberger [Mon, 5 Sep 2016 20:38:18 +0000 (22:38 +0200)]
add: tests for EditDistance
Change-Id: Ia0c9d6da088cc4060ebd6b24d1d8a34eb99c4e6d
Johannes Bechberger [Mon, 5 Sep 2016 18:01:39 +0000 (20:01 +0200)]
add: improvement of template parsing
Change-Id: I9e50cc2d8d30b7b795dedb9dee02ade4d090d891
INOPIAE [Fri, 2 Sep 2016 03:52:39 +0000 (05:52 +0200)]
chg: replace CAcert Wot User by SomeCA User when creating certificates
Change-Id: I71bfb43f10ec7e4d39a4ccbb27305afb708df4e3
Felix Dörre [Sun, 4 Sep 2016 11:53:10 +0000 (13:53 +0200)]
fix: print error messages for translation extraction to stderr
Change-Id: I26c6294d93463575ce02a5a0752a37814eb47a0d
Felix Dörre [Sat, 3 Sep 2016 13:05:30 +0000 (15:05 +0200)]
add: fail build when translation extraction has a problem.
Change-Id: Ibeeb1f674ce09a131cac21fa6a5df3516b586e60
Felix Dörre [Sat, 3 Sep 2016 15:07:57 +0000 (17:07 +0200)]
upd: cleanup SQL statements to make them statically verifiable.
Change-Id: I4e7b773bf13a1c5a9b979a995bf72fe5ba45f9d0
Benny Baumann [Tue, 6 Sep 2016 06:55:10 +0000 (08:55 +0200)]
Merge "fix: language detection pattern for Group description"
Felix Dörre [Sun, 4 Sep 2016 11:47:56 +0000 (13:47 +0200)]
fix: language detection pattern for Group description
Change-Id: I15ead19d4a218b527eb25430659355d5e47029ad
Felix Dörre [Sat, 3 Sep 2016 14:12:57 +0000 (16:12 +0200)]
fix: SQL query was wrong
Change-Id: I3637c59944fdd5fc2e61a991b51781b3b9d746db
Felix Dörre [Sat, 3 Sep 2016 15:24:24 +0000 (17:24 +0200)]
Merge "Replace init scripts with systemd unit files"
Lucas Werkmeister [Tue, 30 Aug 2016 12:35:05 +0000 (14:35 +0200)]
Replace init scripts with systemd unit files
The package installs four unit files. gigi-standalone.service works just
like the old cacert-gigi service: gigi will start as root, manage its
own ports, then drop privileges. gigi-proxy.service and .socket let
systemd manage the port and start gigi as its dedicated user. These
services need different configuration for gigi: for the proxy version,
the configuration must contain proxy=true and http.bindPort=stdin, while
for the standalone version the configuration must have proxy=false and
specify real ports. For this reason, we also disable Debian's policy to
automatically start services upon package installation.
(gigi-simple-signer.service is a direct conversion of
cacert-gigi-signer.init.)
Very simple init scripts for gigi-standalone and gigi-simple-signer are
provided, so that running /etc/init.d/gigi-standalone start will still
work. The scripts simply redirect to systemctl; the LSB header is not
included, since the scripts are useless on their own.
Change-Id: I53f0c825880d1b8c082496106a018957d6128392
Lucas Werkmeister [Tue, 30 Aug 2016 17:43:05 +0000 (19:43 +0200)]
Merge changes I343e1e25,I8bf03317
* changes:
Support socket activation
Support reading configuration from file
Lucas Werkmeister [Mon, 29 Aug 2016 12:10:09 +0000 (14:10 +0200)]
Support socket activation
There are now separate properties for the port that is "displayed" (e.g.
when issuing redirects) and the port that is actually bound. The bind
ports may also be set to "stdin", in which case System.inheritedChannel
is used (expects a socket as file descriptor 0). This allows gigi to
inherit a socket from the system manager ((x)inetd, systemd), which in
turn allows one to run gigi as any user on root ports (e.g. port 80).
Change-Id: I343e1e25daae94aae67db1dd6f25fcfb6241d0fc
Lucas Werkmeister [Mon, 29 Aug 2016 14:00:47 +0000 (16:00 +0200)]
Support reading configuration from file
This is necessary to support socket activation (Java only supports a
single "inherited channel", which must be file descriptor 0), and also
makes it simpler to run gigi when the configuration is just a regular
file.
It also simplifies the DevelLauncher a bit.
Change-Id: I8bf03317ea549bd17f5b61e50808f48314a06803
Felix Dörre [Fri, 26 Aug 2016 08:08:24 +0000 (10:08 +0200)]
add: prevent supporters from modifying their own accounts via support
Change-Id: Ie759b769074e5f7c25787cee7f5661fd8b1471a5
Felix Dörre [Mon, 29 Aug 2016 11:32:35 +0000 (13:32 +0200)]
Merge "fix: only run fetch-locales in postinst configure"
INOPIAE [Sun, 28 Aug 2016 06:05:10 +0000 (08:05 +0200)]
add: notify board if a support role is granted or removed
The board mailing address needs to be defined in the future to the email
address for the recipient defined.
Change-Id: Id19ac9023aa199981f91cdcb25a63d26f5af5173
Lucas Werkmeister [Sat, 27 Aug 2016 11:56:51 +0000 (13:56 +0200)]
fix: only run fetch-locales in postinst configure
I believe we’re not supposed to run that in other postinst phases.
Change-Id: I180aa9fe1b58a33e61b6e6e8b18e944a41d81c22
Felix Dörre [Fri, 26 Aug 2016 15:18:05 +0000 (17:18 +0200)]
fix: stop checking CAA on public suffix (and report error better)
Change-Id: Ifb7000db540e6e89c5b8e7c2bdccb6656c5ebe50
Felix Dörre [Fri, 26 Aug 2016 19:31:31 +0000 (21:31 +0200)]
add: make inclusion of leaf certificate optional
Change-Id: Ie7c9b18bcb698fb4b9fd688e68f16d8ffb2157cb
Felix Dörre [Thu, 25 Aug 2016 23:08:49 +0000 (01:08 +0200)]
fix: message to user on single-certificate-revoke
Change-Id: I0e49c575e7e421922ed3120572480ad263506893
Felix Dörre [Thu, 25 Aug 2016 22:01:15 +0000 (00:01 +0200)]
fix: turn NPE in better error message.
Change-Id: I2a45b7dd043d4a4d9c73a19ea4bcf1c4433b391d
Felix Dörre [Thu, 25 Aug 2016 22:00:19 +0000 (00:00 +0200)]
upd: constrain API around Supported User.
Change-Id: I75c60ce9a3881d4ddf9153a8b7da9eb811045c96
Benny Baumann [Thu, 25 Aug 2016 19:41:08 +0000 (21:41 +0200)]
Merge "Fix typo and spelling"
Felix Dörre [Thu, 25 Aug 2016 14:35:06 +0000 (16:35 +0200)]
upd: make simple Signer more intelligent in choosing CA certificate
Change-Id: I24420cc7a5cd78b460e26dfc58203b4bb0fc0adb