Comments (6)
Another potential use case (from #177): checking which certificates have been revoked as a light-weight alternative to OCSP or trying to revoke the certificate again.
from pebble.
As discussed in #242, I would like to propose some basic spec around this feature.
I propose to expose every admin/test related stuff endpoint at the root context `/`, listening to a port defined in a new `adminPort` field in the Pebble JSON configuration file. The one proposed in the Git repo will have the default value of `4000`. Not specifying this field in a given configuration will disable the interface. The protocol will be HTTPS, using the same certificate as on port `14000` for the ACME protocol, and so consumes the existing configuration fields on that matter.
What do you think of that @cpu @jsha?
from pebble.
@adferrand That sounds great 👍 I like the idea of putting it on a separate port and disabling the administrative interface outright if it isn't configured. Thanks for volunteering to spec this out/implement it!
> The one proposed in the GIT repo will have the default value of 4000

This is totally a bike-shed comment but I think I'd prefer 15000 as the default port. We use `:4000` for HTTP access to the legacy ACME v1 API in Boulder and I'd prefer to avoid confusing someone into thinking any part of this management interface relates to ACME v1.
from pebble.
I'm going to re-open this issue since while there is a separate HTTP(s) management interface thanks to @adferrand (:tada:) it doesn't yet let you inject test data, query expiration data, or otherwise affect validation. There is probably an argument to be made for splitting those into separate issues but for now we can use this one.
from pebble.
I guess it is a good idea to list all PRs here which add functionality to the new management interface.
#252 (recently merged) allows retrieving the certificate revocation status (and also the certificate itself) by the certificate's serial number.
from pebble.
I would appreciate the ability to trigger/untrigger pebble's responses so that:

- the next order(s) will be considered:
  - [x] pending (current behavior)
  - [ ] invalid
  - [ ] ready
  - [ ] processing
  - [ ] valid
- the next authorization(s) will be considered:
  - [x] pending (current behavior)
  - [ ] valid
  - [ ] invalid
  - [ ] deactivated
  - [ ] expired
  - [ ] revoked
- authorization challenges start as:
  - [x] pending (current behavior)
  - [ ] processing
  - [ ] valid
  - [ ] invalid
A use-case is that I would be able to use hooks in an ACME-client's test script to ensure the client is dealing with every situation/response appropriately. Most clients I have seen will only consider pending/valid in their logic, then bubble up exceptions for other situations; I'd like my client to run tests against pebble on every possible permutation of responses.
from pebble.
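The comment above asks for a way to test a client against every order status rather than only pending/valid. The following is an added example, not code from this thread or from Pebble: a client-side order loop that handles all five order statuses defined in RFC 8555 section 7.1.6 and fails closed on anything else. `DriveOrder`, `ErrOrderInvalid` and the action names are hypothetical, and the status sequences are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrOrderInvalid tells the caller to abandon this order and create a new one.
var ErrOrderInvalid = errors.New("order is invalid")

// DriveOrder decides what a client does for each order status it sees.
// responses is a constructed sequence of statuses returned on successive
// polls; the returned slice lists the (hypothetical) actions the client took.
func DriveOrder(responses []string) ([]string, error) {
	var actions []string
	finalized := false
	for _, status := range responses {
		switch status {
		case "pending": // authorizations are still outstanding
			actions = append(actions, "complete-authorizations")
		case "ready": // all authorizations valid; send the CSR exactly once
			if finalized {
				return actions, errors.New("order returned to ready after finalize")
			}
			finalized = true
			actions = append(actions, "finalize")
		case "processing": // issuance in progress; poll again later
			actions = append(actions, "wait")
		case "valid": // certificate has been issued
			return append(actions, "download-certificate"), nil
		case "invalid": // terminal failure; never retry the same order
			return actions, ErrOrderInvalid
		default: // fail closed on a status the client does not understand
			return actions, fmt.Errorf("unknown order status %q", status)
		}
	}
	return actions, errors.New("order did not reach a final state")
}

func main() {
	fmt.Println(DriveOrder([]string{"pending", "ready", "processing", "valid"}))
	fmt.Println(DriveOrder([]string{"pending", "invalid"}))
}
```
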