summaryrefslogtreecommitdiffstats
path: root/usr.sbin/acme-client/extern.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* We need to be able to provide contact information to use theflorian2020-09-141-2/+2
| | | | | | buypass.com acme api. From Bartosz Kuzma (bartosz.kuzma AT release11.com), thanks! OK beck, deraadt
* Report what's wrong when account creation fails instead of a genericflorian2020-09-141-1/+2
| | | | | http error. OK beck
* In case the order fails print the human readable reason from theflorian2020-05-101-1/+2
| | | | | | challenge objects that the server hopefully provides. input & OK deraadt OK beck, benno
* Do not define variables in extern.h since this will lead to duplicateflorian2020-02-071-3/+3
| | | | | | definitions in every source file that includes extern.h. From Michael Forney (mforney AT mforney DOT org), thanks! OK jca
* Implement elliptic curve account keys.florian2019-06-171-3/+6
| | | | | OK benno Input & OK tb
* Trade unveil(2) for chroot(2).florian2019-06-161-3/+3
| | | | | | | | | | | This uses less code and unveil(2) seems to be the better tool here. The directory one chroots into needs to be carefully setup (they are not) and comon wisedom is that root can break out of chroots. There is probably nothing wrong with the chroot code because of pledge but it still makes me feel uneasy. input & OK on previous version mestre OK on previous version deraadt bug found, input & OK benno
* Track key type (RSA or ECDSA) in an enum and clean up a bit while here.florian2019-06-141-7/+3
| | | | | Originaly from Renaud Allard following input from benno, tweaked by me. OK benno
* use acme-client to sign certificated with ecdsa keysgilles2019-06-121-1/+6
| | | | diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@
* Remove A and D flag, they are superfluous.florian2019-06-081-4/+3
| | | | | One could always use them on the command line and acme-client would do the right thing.
* Implement RFC 8555 "Automatic Certificate Management Environmentflorian2019-06-071-14/+37
| | | | | | | | | | | | | (ACME)" to be able to talk to the v02 Let's Encrypt API. With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs. Tested by Renaud Allard and benno Input & OK benno
* make struct chng.status a enum for readability.benno2019-01-311-2/+8
| | | | ok florian@
* Deprecate agreement url config option and get the information from theflorian2017-11-271-2/+3
| | | | | | | | directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
* Split certificate file from config file into certdir and certfile.florian2017-01-211-10/+4
| | | | | | | | | This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem". Writing of chain.pem and fullchain.pem is currently broken with this. OK benno
* Remove backup option. This is not acme-client's business; also it getsflorian2017-01-211-2/+2
| | | | | in the way. OK benno
* acme-client use configuration file [1 of 5]benno2017-01-211-12/+7
| | | | | | | | | | | | | | | | | | | | | | start using the configuration file and delete command line arguments: -a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name" new argument: -f configfile the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way. This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead. ok florian
* Implement table driven selection to which ACME authorities we canflorian2016-09-011-1/+12
| | | | | | | | | talk. Suggest by and OK deraadt, OK benno. (Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
* PATH_VAR_EMPTY is not usedderaadt2016-09-011-5/+1
|
* Collapse krazy abstractions for other sandbox models, using chroot andderaadt2016-09-011-8/+1
| | | | | pledge directly as needed. ok florian
* whitespacebenno2016-08-311-4/+4
|
* Import Kristaps' letskencrypt and call it acme-client in tree.florian2016-08-311-0/+267
OK to get it in deraadt@ (and probably beck@) At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.