7cc7b74f1e
Add acme certificates for all configured hosts in ejabberd_pkix
2017-08-19 12:50:40 +03:00
ddfe8742c7
Add behaviour ejabberd_config in ejabberd_acme in order to validate the config
2017-08-19 11:35:15 +03:00
051e2c639c
Change some specs
2017-08-12 18:00:46 +03:00
a72a7f830a
Add support to revoke a certificate by providing the pem
...
This is important so that a user can revoke a certificate that is not acquired or logged from our acme client
2017-08-12 17:14:23 +03:00
73f0b6707a
Move the ca_url to the config file
2017-08-12 15:59:54 +03:00
1aadb797b3
Remove the new account option from get certificate. There is no reason for having this
2017-08-11 14:10:55 +03:00
7140c8d844
Format expired certificates differently in list_certificates
2017-08-11 13:28:17 +03:00
2b1fea01cd
Renew certificate now renews all saved certificates that are close to expire
...
Before this commit renew_certificate only checked the hosts in the config file and renewd the certificates for those. However the user can request certificates apart from the hosts in the config file so he should be able to also renew them.
2017-08-10 18:54:26 +03:00
c20bfb3422
Revoke Certificate: Jose Private Key
...
Instead of signing the jose object with the account private key, it now signs the object using the certificate private key. This is useful in case the user wants to revoke a old certificate whose account key doesn't exist anymore.
2017-08-10 17:23:13 +03:00
011b7ac3f2
Support getting certificates for domains not specified in the configuration file
2017-08-10 15:26:35 +03:00
97a4d57f2e
Remove some debugging functions
2017-08-08 18:00:37 +03:00
9756b452d6
Implement renew_certificate command
...
This command renews the certificates for all domains that already have a certificate that has expired or is close to expiring. It is meant to be run automatically more often than the renewal process because if the certificates are valid nothing happens
2017-08-08 16:38:19 +03:00
7fa9a387ae
Try catch when formatting certificates
2017-08-08 12:45:57 +03:00
48254a1e10
Change certificate notAfter to 90 days
...
As stated in Let's Encrypt FAQ: https://letsencrypt.org/docs/faq/
2017-08-08 12:23:13 +03:00
e6e8e64f84
Improve return format of get_certificates command
2017-08-02 21:10:49 +03:00
ac7105d39e
Implement verbose list_certificates option
2017-08-02 19:36:11 +03:00
3abe3aeeec
Finish revoke_certificate and add specs
...
1. Add a try catch in the final revoke_certificate function
2. Also delete the certificate from persistent memory when it is done revoked
2017-07-29 19:10:06 +03:00
cc6f4b90fb
Support certificate revocation
2017-07-27 18:25:44 +03:00
92e38190aa
Encode strings using a library function and not my custom made
2017-07-25 14:13:40 +03:00
09918b5912
Add a try catch arounf list certificates
2017-07-23 21:47:22 +03:00
9ce1f12b66
Pretty print list-certificates
2017-07-18 13:28:44 +03:00
2e18122cd9
Print validity in list-certificates
2017-07-17 13:40:53 +03:00
8fe551cc68
Add a stub for the list-certificates command
2017-07-17 11:39:27 +03:00
09c3496ff1
Remove httpdir from some function arguments as we now use the built in ejabberd http server for authorizations
2017-07-17 10:48:57 +03:00
fa3108e6e2
Save acquired certificates in persistent storage
2017-07-17 10:42:09 +03:00
9cf596c67b
Change the persistent data structure from a record to a proplist
...
This is done so that possible future updates to the data structure don't break existing code.
With this change it will be possible to update the data structure and keep the same old persistent data file, which will still have the expected list format but with more properties
2017-07-17 09:59:38 +03:00
478a12637d
Separate the persistent data structure functions
2017-07-17 09:40:36 +03:00
4d977535f2
Make some persistent data wrapper functions
2017-07-17 09:35:37 +03:00
77a96b0ec6
Solve acme challenges using built in http server
2017-07-12 19:23:52 +03:00
5199ede4a2
Changle acme file permissions
...
Also changed some specs
2017-07-11 11:11:00 +03:00
c50f6c218f
Clean up code by adding throws instead of passing the error value
2017-07-07 18:32:07 +03:00
5866124138
Clean up get_certificate code
2017-07-07 17:37:44 +03:00
56fc0efbc8
Split ACME module into two
...
1. A communications module that handles all requets/responses and other low level stuff that have to do with the ACME CA
2. A head module that will do all the useful stuff
2017-07-04 11:44:22 +03:00
d3c477646f
Add support for command get_certificates, very crude
2017-07-03 13:37:32 +03:00
637d9b054b
Support get-cert, revoke-cert. Also cleaned some typespecs
2017-06-26 19:03:21 +03:00
330456bcf0
Indent using Emacs
2017-06-22 14:47:56 +03:00
396bd5eb3d
Removed some ?INFO_MSG
2017-06-22 11:38:40 +03:00
dd79dea81d
Support new_cert, make certificate request
2017-06-22 11:31:50 +03:00
dc4c00a78c
Add support for solving http-01 challenge
2017-06-18 13:20:47 +03:00
1d1250b056
Cleanup acme_challenge.erl, move types and records in ejabberd_acme.hrl
2017-06-17 19:06:39 +03:00
133d2ae6d5
Derive the alg field of the JWS object using a erlang-jose library function rather than hardcoding
2017-06-15 11:47:29 +03:00
032ce9e53c
Refactor get requests, Implement authorization handling functions
2017-06-14 12:12:43 +03:00
4b1c59e199
Major Refactoring, Separated Logic from Requests
2017-06-12 21:35:43 +03:00
c25aa8378f
Add new-authz, refactor the http requests that all used the same code
2017-06-12 15:31:48 +03:00
911b8188d2
Refactor the http response handlers.
...
Encapsulate some dangerous calls with try catch.
2017-06-09 19:47:50 +03:00
167edacb5f
Make Stylistic Changes in order to conform to guidelines:
...
1. Remove trailing whitespace
2. Remove Macros
3. Handle all erroneous response codes the same way
4. Add specs
Also don't return nonces anymore when the http response is negative.
2017-06-09 18:53:54 +03:00
53d47483c8
Implement some basic account handling functions
2017-06-09 15:49:27 +03:00
Konstantinos Kallas