Closed dholth closed 3 years ago
Merging #28 into master will increase coverage by
1.69%
. The diff coverage is96.83%
.
@@ Coverage Diff @@
## master #28 +/- ##
==========================================
+ Coverage 95% 96.69% +1.69%
==========================================
Files 6 7 +1
Lines 400 545 +145
Branches 28 45 +17
==========================================
+ Hits 380 527 +147
+ Misses 12 11 -1
+ Partials 8 7 -1
Impacted Files | Coverage Δ | |
---|---|---|
txsni/parser.py | 100% <100%> (ø) |
:arrow_up: |
txsni/test/certs/cert_builder.py | 97.97% <100%> (+0.68%) |
:arrow_up: |
txsni/certmaps.py | 91.66% <91.66%> (ø) |
|
txsni/snimap.py | 93.33% <92.3%> (+4.33%) |
:arrow_up: |
txsni/test/test_txsni.py | 98.26% <98.48%> (+0.04%) |
:arrow_up: |
txsni/only_noticed_pypi_pem_after_i_wrote_this.py | 93.54% <0%> (+6.45%) |
:arrow_up: |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update 5014c14...f016940. Read the comment docs.
Fixes #20, #25, #27
It might be helpful to think of this code as only doing the same job as http port 80 for the http-01 http://
txacme would build on top of txsni by pausing an incoming request, putting the special acme certificate in SNIMap.acme_mapping, having letsencrypt fetch that certificate, and on success install the new certificate to continue with the original request. Everything letsencrypt-related except the challenge is the same as what txacme does now.
I've tried to make the certificate loaders more generic. They probably work with more than just dehydrated. They are like HostDirectoryMap but they load the certificate from two files. Do they need to be underscored if HostDirectoryMap is not? It was not clear quite which code that comment was about.
I've improved the test coverage and lo and behold found bugs, like "empty dict is falsy".
It looks like the CI is using a pretty old version of pypy. Tests pass over here on python 2 and 3 versions of pypy 7.
Oops. I tried turning on codacy as an experiment, it's not supposed to be gating PRs like this.
Thanks for your responses!
What's the status of this branch?
I stopped working on it and explored other acme server implementations.
On Thu, Feb 27, 2020, at 10:55 AM, Tristan Seligmann wrote:
What's the status of this branch?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/glyph/txsni/pull/28?email_source=notifications&email_token=AABSZESJ6YFQ3HHPJMFJI6DRE7O55A5CNFSM4HAWH34KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOENE3KDI#issuecomment-592033037, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABSZEUOOA73KHC3QGGE7HDRE7O55ANCNFSM4HAWH34A.
This is the simplest possible acme-tls/1 responder for txsni.
To use, get the dehydrated shell script, configure ~/etc/dehydrated/ with config (set BASEDIR) and domains.txt (list of domains), run
authbind twist web --port acmesni:~/etc/dehydrated:tcp6:443
, and rundehydrated -c --force
in the ~/etc/dehydrated/ folder. For testing it's a good idea to use a separate-staging
directory and config to avoid running against letsencrypt rate limits.It also has a couple of unicode fixes.
Tested in pypy 3.6.1 version 7.0.0-alpha0