{
"info": {
"author": "Felix Fontein",
"author_email": "felix@fontein.de",
"bugtrack_url": null,
"classifiers": [
"Development Status :: 4 - Beta",
"Intended Audience :: System Administrators",
"License :: OSI Approved :: MIT License",
"Programming Language :: Python :: 2",
"Programming Language :: Python :: 2.7",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.3",
"Programming Language :: Python :: 3.4",
"Programming Language :: Python :: 3.5",
"Programming Language :: Python :: 3.6",
"Programming Language :: Python :: 3.7",
"Topic :: Internet :: WWW/HTTP :: Site Management",
"Topic :: Security",
"Topic :: Utilities"
],
"description": "OCSP Bot\n========\n\nThe OCSP Bot's job is to make sure up-to-date OCSP responses are kept\nfor a set of certificates.\n\nThe bot should be run as a cronjob regularly (like, once per hour) and\nwill attempt to obtain OCSP responses for certificates for which\n\n- no valid OCSP response is currently stored, and\n- the existing OCSP response is expiring soon enough.\n\nThe criteria for \u201cexpiring soon enough\u201d can be defined in the\nconfiguration.\n\nTo install, use ``pip install ocspbot``. If you want a one-file version,\nplease rename ``ocspbot/__main__.py`` to ``ocspbot.py`` and use that one.\n\n\nRequirements\n------------\n\nOCSP Bot needs `pyyaml `__ and `OpenSSL `__.\nIt has been tested with OpenSSL 1.0.x and 1.1.0, but not with OpenSSL 0.9.x.\n\n\nCommand Line Interface\n----------------------\n\nThe OCSP Bot can be invoked as follows::\n\n ocspbot.py [ ] [ -h | -help | --help ] [ -v | -version | --version ]\n\nIn case ``-h``, ``-help`` or ``--help`` is specified, a short help text\nwill be printed. In case ``-v``, ``-version`` or ``--version`` is specified,\nthe program's version will be printed.\n\nIf no configuration file name is specified, it will use ``ocspbot.yaml``.\nThe configuration file will be parsed and the certificates specified\ntherein will be processed.\n\nOCSP Bot returns 0 for success (without changes), a positive return value\nfor the number of OCSP responses renewed, and negative return values for\nerrors:\n\n+-------------+--------------------------------------------------------------------------------+\n| Return Code | Meaning |\n+=============+================================================================================+\n| -1 | An error occured while retrieving OCSP responses |\n+-------------+--------------------------------------------------------------------------------+\n| -2 | An error occured while parsing the configuration (parsing YAML, start logging) |\n+-------------+--------------------------------------------------------------------------------+\n| -3 | An error occured while parsing the configuration (interpreting configuration) |\n+-------------+--------------------------------------------------------------------------------+\n| -4 | Invalid command line arguments |\n+-------------+--------------------------------------------------------------------------------+\n\nNon-zero return values can be used to reload services which deliver the OCSP\nresponses. In case of negative return values, manual user invention might be\nneeded.\n\n\nConfiguration File Format\n-------------------------\n\nConfiguration files must be in `YAML format `__.\nThey can contain the following keys:\n\n- ``ocsp_folder``: ````\n\n The folder in which the OCSP responses are stored. All OCSP response paths\n will be interpreted relatively to this path.\n\n Default value is the empty string, i.e. the current directory.\n\n- ``minimum_validity``: ````\n\n If an OCSP response is newer than the described time interval, the program\n will try to renew it. The string is interpreted as a list of space separated\n tokens of the form::\n\n ? s, ? sec, ? second, ? seconds\n ? m, ? min, ? minute, ? minutes\n ? h, ? hour, ? hours\n ? d, ? day, ? days\n ? w, ? week, ? weeks\n\n Examples:\n\n - 2 hours 5 minutes 10 seconds\n - 1w 3d 5h\n\n- ``minimum_validity_percentage``: ````\n\n Specifies a percentage (between ``0`` and ``100``). If this percentage of the\n OCSP response's lifespan has elapsed, the response is renewed.\n\n- ``parallel_threads``: ````\n\n An integer specifying how many threads should be run in parallel.\n Default value is ``1``.\n\n- ``stop_on_error``: ````\n\n Specifies whether to stop on the first error found when processing OCSP\n responses, or whether to try to renew all.\n\n- ``make_backups``: ````\n\n If set to True, new OCSP responses are also copied in the ``ocsp_folder``\n directory to ``-`` as a backup (to keep track which\n OCSP response was used when). Default value is ``False``.\n\n- ``openssl_executable``: ````\n\n The OpenSSL executable to use. Default is ``openssl``.\n\n- ``domains``: ````\n\n The dictionary maps a domain identifier to a dictionary with the\n following entries:\n\n - ``cert``: ````\n\n The path to the certificate file. Will be interpreted relative\n to the current working directory. Must always be specified.\n - ``chain``: ````\n\n The path to the certificate's chain file. The chain must neither\n contain the certificate itself nor the root certificate. Will be\n interpreted relative to the current working directory. Must\n always be specified.\n - ``rootchain``: ````\n\n The path to the certificate's root chain file. The root chain\n must not include the certificate itself, but it must include\n the root certificate. Will be interpreted relative\n to the current working directory. Must always be specified.\n - ``ocsp``: ````\n\n The path to the OCSP response file. Will be interpreted relative\n to ``ocsp_folder``. Must always be specified.\n - ``ocsp_responder_uri``: ````\n\n The URI of the OCSP responder for this certificate. Can be left\n away or set to the special value ``certificate`` to extract the\n URL from the certificate.\n\n The domain identifier will only be used in the output messages.\n\n- ``scan_keys``: ````\n\n Every list entry must be a dictionary with the following entries:\n\n - ``folder``: ````\n\n Default: (empty string, i.e. current working directory)\n\n - ``recursive``: ````\n\n Default: ``True``\n\n - ``cert_mask``: ````\n\n Default: ``{domain}.pem``\n\n - ``chain_mask``: ````\n\n Default: ``{domain}-chain.pem``\n\n - ``rootchain_mask``: ````\n\n Default: ``{domain}-rootchain.pem``\n\n - ``ocsp_mask``: ````\n\n Default: ``{domain}.ocsp-resp``\n\n For each dictionary, the program searches for all triples of files\n (cert, chain, rootchain) in the specified folders (and its subfolders\n if ``recursive`` is ``True``) which match the masks for the domain\n identifier ``{domain}``; the corresponding OCSP response filename is\n chosen.\n\n When scanning recursively, and triples are found in subfolders, the\n relative path of the triple's files to the folder to scan is prepended\n to the OCSP response filename.\n\n- ``includes``: ````\n\n A list of folders which will be searched for YAML files with extensions\n ``.yml`` and ``.yaml``. All found YAML files will be parsed and\n ``domains`` and ``scan_keys`` entries processed as in the main\n configuration file.\n\n- ``output_log``: ````\n\n ``error_log``: ````\n\n Writes output respectively error output into log files and not to\n ``stdout`` resp. ``stderr``. The filenames will be formatted with\n the following replacements:\n\n - ``{year}``: the current year (four digits)\n - ``{month}``: the current month, 1 to 12 (two digits)\n - ``{day}``: the current day per month, 1 to 31 (two digits)\n - ``{hour}``: the current hour, 0 to 23 (two digits)\n - ``{minute}``: the current minute, 0 to 59 (two digits)\n - ``{second}``: the current second, 0 to 59 (two digits)\n\n\nExample Configuration File\n--------------------------\n\nThe following configuration file updates OCSP responses for ``example.com``\nand ``example.org`` so that the responses are valid at least for three days\nor 42.8% of their validity period. Backups will be created, and ``stdout``\noutput will be logged. The certificates are taken from\n``/var/www/tls/certs/``, and the responses will be written to\n``/var/www/ocsp/responses`` with backups.\n\nThe minimum validity parameters are tuned for\n`Let's Encrypt `__. When running the CERT Bot\nonce per hour for some time, ``/var/www/ocsp/responses`` might have the\nfollowing files::\n\n example.com.ocsp-resp\n example.com.ocsp-resp-20170415-060000\n example.com.ocsp-resp-20170418-060000\n example.com.ocsp-resp-20170421-060000\n example.org.ocsp-resp\n example.org.ocsp-resp-20170415-060000\n example.org.ocsp-resp-20170418-060000\n example.org.ocsp-resp-20170421-060000\n\nThe current valid OCSP responses will be ``example.com.ocsp-resp`` and\n``example.org.ocsp-resp``, with the last update having been on\nApril 21, 2017 at 06:00 am.\n\nThe configuration file:\n\n.. code:: yaml\n\n ---\n openssl_executable: openssl\n\n minimum_validity: 3d\n minimum_validity_percentage: 42.8\n\n ocsp_folder: /var/www/ocsp/responses\n\n parallel_threads: 1\n\n output_log: /var/www/ocsp/logs/example-{year}{month}{day}-{hour}{minute}{second}.log\n\n make_backups: True\n\n domains:\n example.com:\n cert: /var/www/tls/certs/example.com.pem\n chain: /var/www/tls/certs/example.com-chain.pem\n rootchain: /var/www/tls/certs/example.com-rootchain.pem\n ocsp: example.com.ocsp-resp\n example.org:\n cert: /var/www/tls/certs/example.org.pem\n chain: /var/www/tls/certs/example.org-chain.pem\n rootchain: /var/www/tls/certs/example.org-rootchain.pem\n ocsp: example.org.ocsp-resp\n\n\n",
"description_content_type": "",
"docs_url": null,
"download_url": "",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "https://github.com/felixfontein/ocspbot",
"keywords": "ocsp response update",
"license": "MIT",
"maintainer": "",
"maintainer_email": "",
"name": "ocspbot",
"package_url": "https://pypi.org/project/ocspbot/",
"platform": "",
"project_url": "https://pypi.org/project/ocspbot/",
"project_urls": {
"Homepage": "https://github.com/felixfontein/ocspbot"
},
"release_url": "https://pypi.org/project/ocspbot/0.9.3/",
"requires_dist": [
"setuptools (>=20.3)",
"pyyaml"
],
"requires_python": "",
"summary": "Ensure up-to-date OCSP responses for certificates are available.",
"version": "0.9.3"
},
"last_serial": 4276792,
"releases": {
"0.9.0": [
{
"comment_text": "",
"digests": {
"md5": "e7b03c1f31a995be3a01cb883c4c7c9b",
"sha256": "c7df2fb31fe1f3b6b119dbe812911b2f8440b6a16d8e068b5a5d70d55ef20ac0"
},
"downloads": -1,
"filename": "ocspbot-0.9.0-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "e7b03c1f31a995be3a01cb883c4c7c9b",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 18327,
"upload_time": "2017-04-23T17:09:36",
"url": "https://files.pythonhosted.org/packages/34/3f/55a34b866389bbcbc0ae779708ff1d2f4556afdff594db924930606da327/ocspbot-0.9.0-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "60e9800553777136946d3fe737bb9981",
"sha256": "b68c7fe52dde612842bcf44f31b48175d1c5ace8b7d9ffda599f329ae76d5da9"
},
"downloads": -1,
"filename": "ocspbot-0.9.0.tar.gz",
"has_sig": false,
"md5_digest": "60e9800553777136946d3fe737bb9981",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 14428,
"upload_time": "2017-04-23T17:09:37",
"url": "https://files.pythonhosted.org/packages/0c/48/2da8be6810a52eb81ef86b517a6c8a0c712ce73304c9ea0545671226e751/ocspbot-0.9.0.tar.gz"
}
],
"0.9.1": [
{
"comment_text": "",
"digests": {
"md5": "4dc46918d0025c1a0397c5fe3e81cf29",
"sha256": "1dbf0eed9002c120aa6b718523e9efe8b5467d6ddf1bc0e736f224d3c081b3c1"
},
"downloads": -1,
"filename": "ocspbot-0.9.1-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "4dc46918d0025c1a0397c5fe3e81cf29",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 18637,
"upload_time": "2017-04-24T11:31:25",
"url": "https://files.pythonhosted.org/packages/e1/e0/e6bacc1ad7850621993e32cbe4d09213812831ce9853c17c9b60df7e69db/ocspbot-0.9.1-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "f4ff1dc3ec1f5855ba50f0b4eb4b38f3",
"sha256": "5d0589fc52625ea7e44fda37665d679423bc7c64d0de40ad7636ff3c6c4fabbb"
},
"downloads": -1,
"filename": "ocspbot-0.9.1.tar.gz",
"has_sig": false,
"md5_digest": "f4ff1dc3ec1f5855ba50f0b4eb4b38f3",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 14627,
"upload_time": "2017-04-24T11:31:27",
"url": "https://files.pythonhosted.org/packages/26/35/65e0b40c7dabaeef5c163bd23e42630875eade8b59d12b7e2b8be7f48475/ocspbot-0.9.1.tar.gz"
}
],
"0.9.2": [
{
"comment_text": "",
"digests": {
"md5": "aab1df075d2d445e54a469778a5d627e",
"sha256": "d5340a2fcc47ac8d0bd37beae3aa1b6c3ac7d51617e83fd384fbc8d71e0d4775"
},
"downloads": -1,
"filename": "ocspbot-0.9.2-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "aab1df075d2d445e54a469778a5d627e",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 18926,
"upload_time": "2017-04-27T23:07:20",
"url": "https://files.pythonhosted.org/packages/ef/99/e0006517b5adafed7ac62a1c2dd84f51185ac84d7bcf8a9e0cb130b44e28/ocspbot-0.9.2-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "ff601af19e7ca445223a377141f3ab72",
"sha256": "a8bea38c98cf4bdbacd94efa679712ba8d7d1b9a051c1ba3718842cfd5eacd95"
},
"downloads": -1,
"filename": "ocspbot-0.9.2.tar.gz",
"has_sig": false,
"md5_digest": "ff601af19e7ca445223a377141f3ab72",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 14906,
"upload_time": "2017-04-27T23:07:22",
"url": "https://files.pythonhosted.org/packages/59/90/74c1558919c74f63d01e852daec845e94060fa508541e0b0d2a7d9126f82/ocspbot-0.9.2.tar.gz"
}
],
"0.9.3": [
{
"comment_text": "",
"digests": {
"md5": "d4ee4bef8454c1d78aae4f0e607eeb94",
"sha256": "b81c16aa82383f29f8a957150cd926f6f8ead01277412f81ee0325903f233ce8"
},
"downloads": -1,
"filename": "ocspbot-0.9.3-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "d4ee4bef8454c1d78aae4f0e607eeb94",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 15691,
"upload_time": "2018-09-16T15:23:31",
"url": "https://files.pythonhosted.org/packages/3e/4b/580d855c40d05754bacc358adb5f7eb22c805ae36b3996b10c44430c96a0/ocspbot-0.9.3-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "38c427cf416cc01ded04a1a339aa3190",
"sha256": "32e4448787f9dd2b24411081235108d67c3a5070af09d74c0e1fb9586cada22f"
},
"downloads": -1,
"filename": "ocspbot-0.9.3.tar.gz",
"has_sig": false,
"md5_digest": "38c427cf416cc01ded04a1a339aa3190",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 18275,
"upload_time": "2018-09-16T15:23:36",
"url": "https://files.pythonhosted.org/packages/7f/de/c906d4358fb0a2b5c1ccda8bc7167b93f762433170afd83ec331765a0a32/ocspbot-0.9.3.tar.gz"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "d4ee4bef8454c1d78aae4f0e607eeb94",
"sha256": "b81c16aa82383f29f8a957150cd926f6f8ead01277412f81ee0325903f233ce8"
},
"downloads": -1,
"filename": "ocspbot-0.9.3-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "d4ee4bef8454c1d78aae4f0e607eeb94",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 15691,
"upload_time": "2018-09-16T15:23:31",
"url": "https://files.pythonhosted.org/packages/3e/4b/580d855c40d05754bacc358adb5f7eb22c805ae36b3996b10c44430c96a0/ocspbot-0.9.3-py2.py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "38c427cf416cc01ded04a1a339aa3190",
"sha256": "32e4448787f9dd2b24411081235108d67c3a5070af09d74c0e1fb9586cada22f"
},
"downloads": -1,
"filename": "ocspbot-0.9.3.tar.gz",
"has_sig": false,
"md5_digest": "38c427cf416cc01ded04a1a339aa3190",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 18275,
"upload_time": "2018-09-16T15:23:36",
"url": "https://files.pythonhosted.org/packages/7f/de/c906d4358fb0a2b5c1ccda8bc7167b93f762433170afd83ec331765a0a32/ocspbot-0.9.3.tar.gz"
}
]
}