acme/__init__.py | 15 15 + 0 - 0 !
acme/jose_test.py | 43 43 + 0 - 0 !
2 files changed, 58 insertions(+)

 [patch] allow josepy to be accessed through acme.jose. (#6592)

When working on an update to our packages in Ubuntu Xenial, @NCommander noticed that importing code through acme.jose no longer works since josepy became a separate package and remembers having to fix up some code that was using acme.jose himself.

This PR should fix that problem by making all of josepy accessible through acme.jose. This is primarily beneficial to our OS package maintainers who want to avoid subtle API changes when updating packages in stable repositories. They will likely backport this change, but I figure we might as well add it ourselves to minimize divergences in our OS packages in the future and avoid problems on the off chance someone hasn't upgraded acme and was relying on this feature.

This patch has been edited by Harlan Lieberman-Berg <hlieberman@debian.org> to drop a reference to a file not included in this repo.

acme/__init__.py | 4 2 + 2 - 0 !
acme/jose_test.py | 18 14 + 4 - 0 !
2 files changed, 16 insertions(+), 6 deletions(-)

 [patch] add missing acme.jose attribute. (#6637)

Fixes the problem at https://github.com/certbot/certbot/pull/6592#discussion_r245106383.

The tests use `eval` which neither myself or `pylint` like very much. I started to change this by splitting the path we wanted to test and repeatedly calling `getattr`, but it didn't seem worth the effort to me.

* Add missing acme.jose attribute.

* update changelog

acme/client.py | 92 65 + 27 - 0 !
acme/client_test.py | 30 28 + 2 - 0 !
tests/certbot-pebble-integration.sh | 16 16 + 0 - 0 !
tests/pebble-fetch.sh | 41 41 + 0 - 0 !
4 files changed, 150 insertions(+), 29 deletions(-)

 [patch] implement post-as-get requests (#6522)

* Setup an integration tests env against Pebble, that enforce post-as-get

* Implement POST-as-GET requests, with fallback to GET.

* Fix unit tests

* Fix coverage.

* Fix or ignore lint errors

* Corrections after review

* Correct test

* Try a simple delegate approach

* Add a test

* Simplify test mocking

* Clean comment

acme/client.py | 29 16 + 13 - 0 !
1 file changed, 16 insertions(+), 13 deletions(-)

 [patch] send a post-as-get request to query registration in acme v2
 (#6993)

* Send a post-as-get request to query registration

* Add comments. Add again a line.

* Prepare code for future PR about post-as-get

acme/client.py | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 [patch] correct the content-type used in the post-as-get request to
 retrieve a cert (#6757)

acme/challenges.py | 20 20 + 0 - 0 !
acme/challenges_test.py | 9 9 + 0 - 0 !
acme/client.py | 26 20 + 6 - 0 !
acme/client_test.py | 28 28 + 0 - 0 !
4 files changed, 77 insertions(+), 6 deletions(-)

 [patch] remove keyauthorization field from the challenge response jws
 token (#6758)

Fixes #6755.

POSTing the `keyAuthorization` in a JWS token when answering an ACME challenge, has been deprecated for some time now. Indeed, this is superfluous as the request is already authentified by the JWS signature.

Boulder still accepts to see this field in the JWS token, and ignore it. Pebble in non strict mode also. But Pebble in strict mode refuses the request, to prepare complete removal of this field in ACME v2.

Certbot still sends the `keyAuthorization` field. This PR removes it, and makes Certbot compliant with current ACME v2 protocol, and so Pebble in strict mode.

See also [letsencrypt/pebble#192](https://github.com/letsencrypt/pebble/issues/192) for implementation details server side.

* New implementation, with a fallback.

* Update acme/acme/client.py

Co-Authored-By: adferrand <adferrand@users.noreply.github.com>

* Fix an instance parameter

* Update comment

* Add unit tests on keyAuthorization dump

* Update acme/client.py

Co-Authored-By: adferrand <adferrand@users.noreply.github.com>

* Restrict the magic of setting a variable in immutable object in one place. Make a soon to be removed method private.