The argument to ctype functions must be EOF or representable as an
unsigned char.

Casting to int is particularly useless because that's what the
compiler already does. We need to prevent sign extension, not write
down that we want sign extension.

OK deraadt, millert, kn

Add missing void to definition of http_init().

ok deraadt florian

Remove unneeded calls to tls_init(3)

As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.

Remove explicit tls_init() calls from base to not give the impression of
it being needed.

Feedback tb
OK Tests mestre

Remove the tls_close warnx in acme-client. Currently it very often reports
a spurious "acme-client: tls_close: EOF without close notify" warning which
is plain confusing - it is a warning only, doesn't block anything, but when
people have some other failure (network problems, bad acme-challenge
path in webserver, etc) they often see this message and think that it's
relevant.

The libtls warning is there to detect truncation attacks in protocols
that don't have their own way to do so (e.g. HTTP/0.9). HTTP/1.0 or newer
have methods to do this (Content-Length or chunked transfer encoding);
acme-client doesn't check them yet and perhaps should. But that's a separate
issue, the warnx doesn't really help with this anyway, and it's unlikely
that a truncated json payload would be valid for acme-client parsing anyway.

OK florian@ benno@

According to RFC 8555 we MUST send an User-Agent.
Pointed out and diff by Wolf, thanks!
Tweaked by me.
OK benno

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Implement RFC 8555 "Automatic Certificate Management Environment
(ACME)" to be able to talk to the v02 Let's Encrypt API.

With this acme-client(1) will no longer be able to talk to the v01
API. Users must change the api url in /etc/acme-client.conf to
https://acme-v02.api.letsencrypt.org/directory
Existing accounts (and certs of course) stay valid and after the url
change acme-client will be able to renew certs.

Tested by Renaud Allard and benno
Input & OK benno

According to RFC 7230 Section 3.2 header field names are
case-insensitive.
Pointed out by "Wolf" ( wolf at wolfsden.cz ), thanks!
OK benno

update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.

Use TLS_CA_CERT_FILE instead of a separate define.

ok beck@ bluhm@ tb@

In netproc process, unveil to only expose the CA file.
ok florian

kill dead code

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

Add missing void to definition of http_init().

ok deraadt florian

Remove unneeded calls to tls_init(3)

As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.

Remove explicit tls_init() calls from base to not give the impression of
it being needed.

Feedback tb
OK Tests mestre

Remove the tls_close warnx in acme-client. Currently it very often reports
a spurious "acme-client: tls_close: EOF without close notify" warning which
is plain confusing - it is a warning only, doesn't block anything, but when
people have some other failure (network problems, bad acme-challenge
path in webserver, etc) they often see this message and think that it's
relevant.

The libtls warning is there to detect truncation attacks in protocols
that don't have their own way to do so (e.g. HTTP/0.9). HTTP/1.0 or newer
have methods to do this (Content-Length or chunked transfer encoding);
acme-client doesn't check them yet and perhaps should. But that's a separate
issue, the warnx doesn't really help with this anyway, and it's unlikely
that a truncated json payload would be valid for acme-client parsing anyway.

OK florian@ benno@

According to RFC 8555 we MUST send an User-Agent.
Pointed out and diff by Wolf, thanks!
Tweaked by me.
OK benno

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Implement RFC 8555 "Automatic Certificate Management Environment
(ACME)" to be able to talk to the v02 Let's Encrypt API.

With this acme-client(1) will no longer be able to talk to the v01
API. Users must change the api url in /etc/acme-client.conf to
https://acme-v02.api.letsencrypt.org/directory
Existing accounts (and certs of course) stay valid and after the url
change acme-client will be able to renew certs.

Tested by Renaud Allard and benno
Input & OK benno

According to RFC 7230 Section 3.2 header field names are
case-insensitive.
Pointed out by "Wolf" ( wolf at wolfsden.cz ), thanks!
OK benno

update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.

Use TLS_CA_CERT_FILE instead of a separate define.

ok beck@ bluhm@ tb@

In netproc process, unveil to only expose the CA file.
ok florian

kill dead code

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

Remove unneeded calls to tls_init(3)

As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.

Remove explicit tls_init() calls from base to not give the impression of
it being needed.

Feedback tb
OK Tests mestre

Remove the tls_close warnx in acme-client. Currently it very often reports
a spurious "acme-client: tls_close: EOF without close notify" warning which
is plain confusing - it is a warning only, doesn't block anything, but when
people have some other failure (network problems, bad acme-challenge
path in webserver, etc) they often see this message and think that it's
relevant.

The libtls warning is there to detect truncation attacks in protocols
that don't have their own way to do so (e.g. HTTP/0.9). HTTP/1.0 or newer
have methods to do this (Content-Length or chunked transfer encoding);
acme-client doesn't check them yet and perhaps should. But that's a separate
issue, the warnx doesn't really help with this anyway, and it's unlikely
that a truncated json payload would be valid for acme-client parsing anyway.

OK florian@ benno@

According to RFC 8555 we MUST send an User-Agent.
Pointed out and diff by Wolf, thanks!
Tweaked by me.
OK benno

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Implement RFC 8555 "Automatic Certificate Management Environment
(ACME)" to be able to talk to the v02 Let's Encrypt API.

With this acme-client(1) will no longer be able to talk to the v01
API. Users must change the api url in /etc/acme-client.conf to
https://acme-v02.api.letsencrypt.org/directory
Existing accounts (and certs of course) stay valid and after the url
change acme-client will be able to renew certs.

Tested by Renaud Allard and benno
Input & OK benno

According to RFC 7230 Section 3.2 header field names are
case-insensitive.
Pointed out by "Wolf" ( wolf at wolfsden.cz ), thanks!
OK benno

update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.

Use TLS_CA_CERT_FILE instead of a separate define.

ok beck@ bluhm@ tb@

In netproc process, unveil to only expose the CA file.
ok florian

kill dead code

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

Remove the tls_close warnx in acme-client. Currently it very often reports
a spurious "acme-client: tls_close: EOF without close notify" warning which
is plain confusing - it is a warning only, doesn't block anything, but when
people have some other failure (network problems, bad acme-challenge
path in webserver, etc) they often see this message and think that it's
relevant.

The libtls warning is there to detect truncation attacks in protocols
that don't have their own way to do so (e.g. HTTP/0.9). HTTP/1.0 or newer
have methods to do this (Content-Length or chunked transfer encoding);
acme-client doesn't check them yet and perhaps should. But that's a separate
issue, the warnx doesn't really help with this anyway, and it's unlikely
that a truncated json payload would be valid for acme-client parsing anyway.

OK florian@ benno@

According to RFC 8555 we MUST send an User-Agent.
Pointed out and diff by Wolf, thanks!
Tweaked by me.
OK benno

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Implement RFC 8555 "Automatic Certificate Management Environment
(ACME)" to be able to talk to the v02 Let's Encrypt API.

With this acme-client(1) will no longer be able to talk to the v01
API. Users must change the api url in /etc/acme-client.conf to
https://acme-v02.api.letsencrypt.org/directory
Existing accounts (and certs of course) stay valid and after the url
change acme-client will be able to renew certs.

Tested by Renaud Allard and benno
Input & OK benno

According to RFC 7230 Section 3.2 header field names are
case-insensitive.
Pointed out by "Wolf" ( wolf at wolfsden.cz ), thanks!
OK benno

update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.

Use TLS_CA_CERT_FILE instead of a separate define.

ok beck@ bluhm@ tb@

In netproc process, unveil to only expose the CA file.
ok florian

kill dead code

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

According to RFC 8555 we MUST send an User-Agent.
Pointed out and diff by Wolf, thanks!
Tweaked by me.
OK benno

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Implement RFC 8555 "Automatic Certificate Management Environment
(ACME)" to be able to talk to the v02 Let's Encrypt API.

With this acme-client(1) will no longer be able to talk to the v01
API. Users must change the api url in /etc/acme-client.conf to
https://acme-v02.api.letsencrypt.org/directory
Existing accounts (and certs of course) stay valid and after the url
change acme-client will be able to renew certs.

Tested by Renaud Allard and benno
Input & OK benno

According to RFC 7230 Section 3.2 header field names are
case-insensitive.
Pointed out by "Wolf" ( wolf at wolfsden.cz ), thanks!
OK benno

update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.

Use TLS_CA_CERT_FILE instead of a separate define.

ok beck@ bluhm@ tb@

In netproc process, unveil to only expose the CA file.
ok florian

kill dead code

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Implement RFC 8555 "Automatic Certificate Management Environment
(ACME)" to be able to talk to the v02 Let's Encrypt API.

With this acme-client(1) will no longer be able to talk to the v01
API. Users must change the api url in /etc/acme-client.conf to
https://acme-v02.api.letsencrypt.org/directory
Existing accounts (and certs of course) stay valid and after the url
change acme-client will be able to renew certs.

Tested by Renaud Allard and benno
Input & OK benno

According to RFC 7230 Section 3.2 header field names are
case-insensitive.
Pointed out by "Wolf" ( wolf at wolfsden.cz ), thanks!
OK benno

update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.

Use TLS_CA_CERT_FILE instead of a separate define.

ok beck@ bluhm@ tb@

In netproc process, unveil to only expose the CA file.
ok florian

kill dead code

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

Implement RFC 8555 "Automatic Certificate Management Environment
(ACME)" to be able to talk to the v02 Let's Encrypt API.

With this acme-client(1) will no longer be able to talk to the v01
API. Users must change the api url in /etc/acme-client.conf to
https://acme-v02.api.letsencrypt.org/directory
Existing accounts (and certs of course) stay valid and after the url
change acme-client will be able to renew certs.

Tested by Renaud Allard and benno
Input & OK benno

According to RFC 7230 Section 3.2 header field names are
case-insensitive.
Pointed out by "Wolf" ( wolf at wolfsden.cz ), thanks!
OK benno

update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.

Use TLS_CA_CERT_FILE instead of a separate define.

ok beck@ bluhm@ tb@

In netproc process, unveil to only expose the CA file.
ok florian

kill dead code

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

According to RFC 7230 Section 3.2 header field names are
case-insensitive.
Pointed out by "Wolf" ( wolf at wolfsden.cz ), thanks!
OK benno

update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.

Use TLS_CA_CERT_FILE instead of a separate define.

ok beck@ bluhm@ tb@

In netproc process, unveil to only expose the CA file.
ok florian

kill dead code

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.

Use TLS_CA_CERT_FILE instead of a separate define.

ok beck@ bluhm@ tb@

In netproc process, unveil to only expose the CA file.
ok florian

kill dead code

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

Use TLS_CA_CERT_FILE instead of a separate define.

ok beck@ bluhm@ tb@

In netproc process, unveil to only expose the CA file.
ok florian

kill dead code

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

In netproc process, unveil to only expose the CA file.
ok florian

kill dead code

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

kill dead code

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.

recallocarray() for data buffer from the net.
ok beck

Don't use <sys/param.h> from userland without cause. Sort <sys/*>
before other includes per style(9) while we're here.

ok florian@ bcook@ jsing@ beck@

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Complete jsing's coccinelle cleanup... by hand
ok jsing

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

string terminator is called a NUL

Use secure defaults for TLS - instead of accepting TLSv1.0 and any cipher
suite, use the libtls defaults and require TLSv1.2 with an AEAD+PFS cipher
suite - given who we're talking to one would hope that they meet these
requirements...

ok benno@ deraadt@ florian@

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this
case correctly.

ok florian@

The file descriptor needs to be closed in both the TLS and non-TLS case,
so make it a common/shared code path.

Both tls_free() and tls_config_free() are safe to call with NULL.

Remove more backwards compat for unsupported OpenBSD releases.

A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian

we don't have config.h

do { } while is easier to eyeball

We are past 5.8. Also gets rid of asserts as a bonus.
OK benno@, deraadt@

whitespace

whitespace

avoid arith on void *, by using char *

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.