* Allow to pass CSR to acme_certificate as csr_content.
* Make sure contents are bytes.
* No need to write CSR to disk.
* Forgot version_added.
* Fix documentation.
* Do not crash when PKCS#12 file contains no private key and/or main certificate.
* Add changelog fragment.
* Call getters only once each, check explicitly for None.
* Add test.
* Also 'parse' correctly PKCS#12 file with no private key.
* Increase # of bits for random serial numbers of certificates with PyOpenSSL backend.
* Adjust algorithm to return a random number between 1000 and 2^160-1.
* acme_account: add support for External Account Binding.
* Add changelog fragment.
* Error if externalAccountRequired is set in ACME directory meta, but external account data is not provided.
* Validate that EAB key is Base64URL encoded.
* Improve documentation.
* Add padding to Base64 encoded key if necessary.
* Make account creation idempotent with ZeroSSL.
This adds the parameter pkcs11_provider, which can be set to the name of
or path to a PKCS#11 library (e.g. libpkcs11.so). ssh-keygen will then
use this library to have the token make any required signatures.
If this is used, signing_key needs to be set to a file containing the
public key that matches the private key on the token.
* get_certificate - Add support of SNI
For python versions supporting `create_default_context` support SNI by using low-level
SSLContext.wrap_socket().getpeercert().
Add also more information in the error message
fixes#69
* Make sure default CA certificates are not loaded when ca_cert is specified.
* Refactor to combine common code.
* Update changelogs/fragments/get_certificate-add_support_for_SNI.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Support otherName in subAltName in CSR for UTF8 strings
* Remove uneeded docs and added changelog fragment
* Missed a merge conflict
* Fix up sanity issues and added test expectation
* Rename function
Felix Fontein
Arnoways
s-hamann
Baptiste Mille-Mathias
Jordan Borean