fpaste: add register command for public certificate enrollment
Some checks failed
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 19s

- Add register command to obtain client cert from server
- Solve PoW challenge, receive PKCS#12 bundle
- Extract cert/key, optionally update config (--configure)
- Fix registration to work without PKI_ENABLED (only needs PKI_CA_PASSWORD)
- Add skip_enabled_check param to get_ca_info() for registration path
- Update docs: README examples, API header name fix (X-Fingerprint-SHA1)
This commit is contained in:
Username
2025-12-21 10:59:09 +01:00
parent 5849c7406f
commit 880bf631e3
5 changed files with 191 additions and 10 deletions

@@ -1119,7 +1119,8 @@ Content-Type: application/json
|--------|-------------|
| `X-Fingerprint-SHA1` | SHA1 fingerprint for `X-SSL-Client-SHA1` header |
| `X-Certificate-Expires` | Unix timestamp when certificate expires |
- Client certificate (signed by CA)
**PKCS#12 Bundle Contents:**
- Client certificate (signed by CA)
- Client private key (EC secp384r1)
- CA certificate (for trust chain)
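Review bot: The bundle-contents list says the PKCS#12 carries `Client private key (EC secp384r1)`, but nothing in these lines documents how that key is protected. Because the server returns the private key inside the bundle, this section should state whether the PKCS#12 is password-encrypted, how the client learns that password, and that the response is meant to be fetched over TLS only. It is also worth one sentence next to the `X-Fingerprint-SHA1` row explaining that the value is an identifier to match against `X-SSL-Client-SHA1`, so readers do not treat it as an integrity check on the bundle.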
@@ -1127,7 +1128,8 @@ X-Certificate-Fingerprint: b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3
**Errors:**
| Code | Description |
|------|-------------|
| 400 | Proof-of-work failed (invalid/expired challenge) |
| 400 | Proof-of-work required (when enabled) |
| 400 | Proof-of-work failed (invalid/expired challenge) |
| 500 | PKI_CA_PASSWORD not configured |
| 500 | Certificate generation failed |
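Review bot: The context line in this hunk's `@@` header still shows the example response using `X-Certificate-Fingerprint: b2c3d4e5...`, while the header table documents `X-Fingerprint-SHA1`, and the commit message describes a header name fix. Please update the example response so it matches the table, otherwise clients written from the example will read the wrong header. In the errors table itself, the two 400 rows (`Proof-of-work required` and `Proof-of-work failed`) share a status code, so document which field of the error body lets a client tell "fetch a challenge first" apart from "challenge invalid or expired, fetch a new one".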