| Commit message (Collapse) | Author | Age | Files | Lines |
| |
name, by adding a new (optional) config option "domain name".
This can be used to create an rsa and an ecdsa key for the same domain
name.
The old domain name in the 'title' line continues to be used as domain
name in the absence of the domain name argument, i.e. the change is
backward compatible with current config files.
tested by sthen@
ok florian@ sthen@
| |
definitions in every source file that includes extern.h.
From Michael Forney (mforney AT mforney DOT org), thanks!
OK jca
| |
OK benno
Input & OK tb
| |
This uses less code and unveil(2) seems to be the better tool here.
The directory one chroots into needs to be carefully set up (they are
not) and common wisdom is that root can break out of chroots.
There is probably nothing wrong with the chroot code because of pledge
but it still makes me feel uneasy.
input & OK on previous version mestre
OK on previous version deraadt
bug found, input & OK benno
| |
Originally from Renaud Allard following input from benno, tweaked by me.
OK benno
| |
diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@
| |
One could always use them on the command line and acme-client would do
the right thing.
| |
(ACME)" to be able to talk to the v02 Let's Encrypt API.
With this acme-client(1) will no longer be able to talk to the v01
API. Users must change the api url in /etc/acme-client.conf to
https://acme-v02.api.letsencrypt.org/directory
Existing accounts (and certs of course) stay valid and after the url
change acme-client will be able to renew certs.
Tested by Renaud Allard and benno
Input & OK benno
| |
things more readable. otto notes that free() does some checks, but
in this case readability is better than complete cleanup.
ok florian@ deraadt@
| |
the contents of its argument (on other platforms). Also strdup() the result,
because basename returns a pointer to static memory.
ok florian@
| |
(it does not on OpenBSD) so we need to use a copy of the string. In
addition, copy the result of dirname() as well, because it's static
storage and if we call dirname() again it will be overwritten.
Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT
cz)
ok florian@
| |
move the check of existing "account ..." line from main.c to the parser.
ok deraadt@
| |
ok tb@
| |
ok tb@ (previous 3 commits to main.c as well)
| |
From Ross L Richardson.
| |
manpage. From Ross L Richardson.
| |
directory call. This way we don't need to update the acme-client.conf
file every time it changes. Still parse the option, ignore and warn about
it for a release. Sysmerge should be able to handle the removal.
"nice" deraadt@
OK benno
| |
Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at
gmail), thanks!
OK benno
| |
OK benno
| |
Transformed with coccinelle.
Requested by and ok tb@
| |
ok jsing
| |
a comparison between the expression and the constant or enum. This
significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
| |
preserve order.
ok florian@
| |
OK benno
| |
revocation works, the fullchain file will be unlinked.
ok florian
| |
OK benno
| |
This way we can still chroot to certdir but the certificate file
is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
| |
in the way.
OK benno
| |
OK benno
| |
implement new -n option to check and print configuration
ok florian
| |
fix getopt()
ok florian
| |
change command line options:
n -> A new Account key
N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
| |
- add challengedir option to config file
- remove -C option from command line
ok florian
| |
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ...
-c certdir -> domain certificate "path"
-f accountkey -> account key "path"
-k domainkey -> domain key "path"
-s authority -> sign with "name"
new argument:
-f configfile
the changes needed to use the new configuration are local to main.c for now.
While the configuration could be passed directly to netproc(), keyproc() etc,
the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in
each domain {} block instead.
ok florian
| |
it can be worked on in the tree).
ok florian@ deraadt@
| |
than this.
ok florian
| |
rather than doing it right afterwards.
ok florian
| |
what purpose it was intended to serve.
| |
talk.
Suggested by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a
config file. This seems to be good enough for now. We can do a config
file later.)
| |
pledge directly as needed.
ok florian