#
1.56 |
|
19-Jun-2024 |
claudio |
Kill the SIGPIPE signal handler which is installed around write operations. Instead just SIG_IGN SIGPIPE in main.c for all of acme-client. More work to be done here but at least this distraction is gone. OK florian@ deraadt@ op@
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
#
1.55 |
|
05-May-2022 |
florian |
Check that the challenge token which is turned into a filename is base64url encoded. We have only the challenge directory unveil(2)'ed so funny business like ../ will not work, but we shouldn't generate garbage filenames that someone else might trip over either. Pointed out and diff by Ali Farzanrad (ali_farzanrad AT riseup.net) OK beck
|
Revision tags: OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.54 |
|
10-May-2020 |
benno |
Allow to have multiple domain ... {} sections with the same domain name, by adding a new (optional) config option "domain name". This can be used to create a rsa and an ecdsa key for the same domain name. The old domain name in the 'title' line continues to be used as domain name in the absence of the domain name argument, i.e. the change is backward compatible with current config files. tested by sthen@ ok florian@ sthen@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.53 |
|
07-Feb-2020 |
florian |
Do not define variables in extern.h since this will lead to duplicate definitions in every source file that includes extern.h. From Michael Forney (mforney AT mforney DOT org), thanks! OK jca
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.52 |
|
17-Jun-2019 |
florian |
Implement elliptic curve account keys. OK benno Input & OK tb
|
#
1.51 |
|
16-Jun-2019 |
florian |
Trade unveil(2) for chroot(2). This uses less code and unveil(2) seems to be the better tool here. The directory one chroots into needs to be carefully set up (they are not) and common wisdom is that root can break out of chroots. There is probably nothing wrong with the chroot code because of pledge but it still makes me feel uneasy. input & OK on previous version mestre OK on previous version deraadt bug found, input & OK benno
|
#
1.50 |
|
16-Jun-2019 |
florian |
acctkey indirection is unnecessary, just pass authority->account
|
#
1.49 |
|
14-Jun-2019 |
florian |
Track key type (RSA or ECDSA) in an enum and clean up a bit while here. Originally from Renaud Allard following input from benno, tweaked by me. OK benno
|
#
1.48 |
|
12-Jun-2019 |
gilles |
use acme-client to sign certificates with ecdsa keys
diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@
|
#
1.47 |
|
08-Jun-2019 |
florian |
Remove A and D flag, they are superfluous. One could always use them on the command line and acme-client would do the right thing.
|
#
1.46 |
|
07-Jun-2019 |
florian |
Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API.
With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs.
Tested by Renaud Allard and benno Input & OK benno
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.45 |
|
09-Mar-2019 |
benno |
remove free() before exit() from main(), in ongoing work to make things more readable. otto notes that free() does some checks, but in this case readability is better than complete cleanup. ok florian@ deraadt@
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to use a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revocation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key
N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file
- remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ...
-c certdir -> domain certificate "path"
-f accountkey -> account key "path"
-k domainkey -> domain key "path"
-s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistent use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggested by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.55 |
|
05-May-2022 |
florian |
Check that the challenge token which is turned into a filename is base64url encoded. We have only the challenge directory unveil(2)'ed so funny business like ../ will not work, but we shouldn't generate garbage filenames that someone else might trip over either. Pointed out and diff by Ali Farzanrad (ali_farzanrad AT riseup.net) OK beck
|
Revision tags: OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.54 |
|
10-May-2020 |
benno |
Allow to have multiple domain ... {} sextions with the same domain name, by adding a new (optional) config option "domain name". This can be used to create a rsa and an ecdsa key for the same domain name. The old domain name in the 'title' line continues to be used as domain name in the abscence of the domain name argument, i.e. the change is backward compatible with current config files. tested by sthen@ ok florian@ sthen@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.53 |
|
07-Feb-2020 |
florian |
Do not define variables in extern.h since this will lead to duplicate definitions in every source file that includes extern.h. From Michael Forney (mforney AT mforney DOT org), thanks! OK jca
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.52 |
|
17-Jun-2019 |
florian |
Implement elliptic curve account keys. OK benno Input & OK tb
|
#
1.51 |
|
16-Jun-2019 |
florian |
Trade unveil(2) for chroot(2). This uses less code and unveil(2) seems to be the better tool here. The directory one chroots into needs to be carefully setup (they are not) and comon wisedom is that root can break out of chroots. There is probably nothing wrong with the chroot code because of pledge but it still makes me feel uneasy. input & OK on previous version mestre OK on previous version deraadt bug found, input & OK benno
|
#
1.50 |
|
16-Jun-2019 |
florian |
acctkey indirection is unnecessary, just pass authority->account
|
#
1.49 |
|
14-Jun-2019 |
florian |
Track key type (RSA or ECDSA) in an enum and clean up a bit while here. Originaly from Renaud Allard following input from benno, tweaked by me. OK benno
|
#
1.48 |
|
12-Jun-2019 |
gilles |
use acme-client to sign certificated with ecdsa keys
diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@
|
#
1.47 |
|
08-Jun-2019 |
florian |
Remove A and D flag, they are superfluous. One could always use them on the command line and acme-client would do the right thing.
|
#
1.46 |
|
07-Jun-2019 |
florian |
Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API.
With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs.
Tested by Renaud Allard and benno Input & OK benno
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.45 |
|
09-Mar-2019 |
benno |
remove free() before exit() from main(), in ongoing work to make things more readable. otto notes that free() does some checks, but in this case readability is better than complete cleanup. ok florian@ deraadt@
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to us a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revokation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistant use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggest by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.54 |
|
10-May-2020 |
benno |
Allow to have multiple domain ... {} sextions with the same domain name, by adding a new (optional) config option "domain name". This can be used to create a rsa and an ecdsa key for the same domain name. The old domain name in the 'title' line continues to be used as domain name in the abscence of the domain name argument, i.e. the change is backward compatible with current config files. tested by sthen@ ok florian@ sthen@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.53 |
|
07-Feb-2020 |
florian |
Do not define variables in extern.h since this will lead to duplicate definitions in every source file that includes extern.h. From Michael Forney (mforney AT mforney DOT org), thanks! OK jca
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.52 |
|
17-Jun-2019 |
florian |
Implement elliptic curve account keys. OK benno Input & OK tb
|
#
1.51 |
|
16-Jun-2019 |
florian |
Trade unveil(2) for chroot(2). This uses less code and unveil(2) seems to be the better tool here. The directory one chroots into needs to be carefully setup (they are not) and comon wisedom is that root can break out of chroots. There is probably nothing wrong with the chroot code because of pledge but it still makes me feel uneasy. input & OK on previous version mestre OK on previous version deraadt bug found, input & OK benno
|
#
1.50 |
|
16-Jun-2019 |
florian |
acctkey indirection is unnecessary, just pass authority->account
|
#
1.49 |
|
14-Jun-2019 |
florian |
Track key type (RSA or ECDSA) in an enum and clean up a bit while here. Originaly from Renaud Allard following input from benno, tweaked by me. OK benno
|
#
1.48 |
|
12-Jun-2019 |
gilles |
use acme-client to sign certificated with ecdsa keys
diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@
|
#
1.47 |
|
08-Jun-2019 |
florian |
Remove A and D flag, they are superfluous. One could always use them on the command line and acme-client would do the right thing.
|
#
1.46 |
|
07-Jun-2019 |
florian |
Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API.
With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs.
Tested by Renaud Allard and benno Input & OK benno
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.45 |
|
09-Mar-2019 |
benno |
remove free() before exit() from main(), in ongoing work to make things more readable. otto notes that free() does some checks, but in this case readability is better than complete cleanup. ok florian@ deraadt@
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to us a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revokation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistant use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggest by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.53 |
|
07-Feb-2020 |
florian |
Do not define variables in extern.h since this will lead to duplicate definitions in every source file that includes extern.h. From Michael Forney (mforney AT mforney DOT org), thanks! OK jca
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.52 |
|
17-Jun-2019 |
florian |
Implement elliptic curve account keys. OK benno Input & OK tb
|
#
1.51 |
|
16-Jun-2019 |
florian |
Trade unveil(2) for chroot(2). This uses less code and unveil(2) seems to be the better tool here. The directory one chroots into needs to be carefully setup (they are not) and comon wisedom is that root can break out of chroots. There is probably nothing wrong with the chroot code because of pledge but it still makes me feel uneasy. input & OK on previous version mestre OK on previous version deraadt bug found, input & OK benno
|
#
1.50 |
|
16-Jun-2019 |
florian |
acctkey indirection is unnecessary, just pass authority->account
|
#
1.49 |
|
14-Jun-2019 |
florian |
Track key type (RSA or ECDSA) in an enum and clean up a bit while here. Originaly from Renaud Allard following input from benno, tweaked by me. OK benno
|
#
1.48 |
|
12-Jun-2019 |
gilles |
use acme-client to sign certificated with ecdsa keys
diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@
|
#
1.47 |
|
08-Jun-2019 |
florian |
Remove A and D flag, they are superfluous. One could always use them on the command line and acme-client would do the right thing.
|
#
1.46 |
|
07-Jun-2019 |
florian |
Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API.
With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory
Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs.
Tested by Renaud Allard and benno Input & OK benno
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.45 |
|
09-Mar-2019 |
benno |
remove free() before exit() from main(), in ongoing work to make things more readable. otto notes that free() does some checks, but in this case readability is better than complete cleanup. ok florian@ deraadt@
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to use a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revocation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key
N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file
- remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ...
-c certdir -> domain certificate "path"
-f accountkey -> account key "path"
-k domainkey -> domain key "path"
-s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistent use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggested by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.52 |
|
17-Jun-2019 |
florian |
Implement elliptic curve account keys. OK benno Input & OK tb
|
#
1.51 |
|
16-Jun-2019 |
florian |
Trade unveil(2) for chroot(2). This uses less code and unveil(2) seems to be the better tool here. The directory one chroots into needs to be carefully setup (they are not) and comon wisedom is that root can break out of chroots. There is probably nothing wrong with the chroot code because of pledge but it still makes me feel uneasy. input & OK on previous version mestre OK on previous version deraadt bug found, input & OK benno
|
#
1.50 |
|
16-Jun-2019 |
florian |
acctkey indirection is unnecessary, just pass authority->account
|
#
1.49 |
|
14-Jun-2019 |
florian |
Track key type (RSA or ECDSA) in an enum and clean up a bit while here. Originaly from Renaud Allard following input from benno, tweaked by me. OK benno
|
#
1.48 |
|
12-Jun-2019 |
gilles |
use acme-client to sign certificated with ecdsa keys
diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@
|
#
1.47 |
|
08-Jun-2019 |
florian |
Remove A and D flag, they are superfluous. One could always use them on the command line and acme-client would do the right thing.
|
#
1.46 |
|
07-Jun-2019 |
florian |
Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API.
With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs.
Tested by Renaud Allard and benno Input & OK benno
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.45 |
|
09-Mar-2019 |
benno |
remove free() before exit() from main(), in ongoing work to make things more readable. otto notes that free() does some checks, but in this case readability is better than complete cleanup. ok florian@ deraadt@
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to us a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revokation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistant use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggest by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.51 |
|
16-Jun-2019 |
florian |
Trade unveil(2) for chroot(2). This uses less code and unveil(2) seems to be the better tool here. The directory one chroots into needs to be carefully setup (they are not) and comon wisedom is that root can break out of chroots. There is probably nothing wrong with the chroot code because of pledge but it still makes me feel uneasy. input & OK on previous version mestre OK on previous version deraadt bug found, input & OK benno
|
#
1.50 |
|
16-Jun-2019 |
florian |
acctkey indirection is unnecessary, just pass authority->account
|
#
1.49 |
|
14-Jun-2019 |
florian |
Track key type (RSA or ECDSA) in an enum and clean up a bit while here. Originaly from Renaud Allard following input from benno, tweaked by me. OK benno
|
#
1.48 |
|
12-Jun-2019 |
gilles |
use acme-client to sign certificated with ecdsa keys
diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@
|
#
1.47 |
|
08-Jun-2019 |
florian |
Remove A and D flag, they are superfluous. One could always use them on the command line and acme-client would do the right thing.
|
#
1.46 |
|
07-Jun-2019 |
florian |
Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API.
With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs.
Tested by Renaud Allard and benno Input & OK benno
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.45 |
|
09-Mar-2019 |
benno |
remove free() before exit() from main(), in ongoing work to make things more readable. otto notes that free() does some checks, but in this case readability is better than complete cleanup. ok florian@ deraadt@
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to us a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revokation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistant use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggest by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.50 |
|
16-Jun-2019 |
florian |
acctkey indirection is unnecessary, just pass authority->account
|
#
1.49 |
|
14-Jun-2019 |
florian |
Track key type (RSA or ECDSA) in an enum and clean up a bit while here. Originaly from Renaud Allard following input from benno, tweaked by me. OK benno
|
#
1.48 |
|
12-Jun-2019 |
gilles |
use acme-client to sign certificated with ecdsa keys
diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@
|
#
1.47 |
|
08-Jun-2019 |
florian |
Remove A and D flag, they are superfluous. One could always use them on the command line and acme-client would do the right thing.
|
#
1.46 |
|
07-Jun-2019 |
florian |
Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API.
With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs.
Tested by Renaud Allard and benno Input & OK benno
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.45 |
|
09-Mar-2019 |
benno |
remove free() before exit() from main(), in ongoing work to make things more readable. otto notes that free() does some checks, but in this case readability is better than complete cleanup. ok florian@ deraadt@
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to us a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revokation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistent use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggested by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.49 |
|
14-Jun-2019 |
florian |
Track key type (RSA or ECDSA) in an enum and clean up a bit while here. Originally from Renaud Allard following input from benno, tweaked by me. OK benno
|
#
1.48 |
|
12-Jun-2019 |
gilles |
use acme-client to sign certificates with ecdsa keys
diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@
|
#
1.47 |
|
08-Jun-2019 |
florian |
Remove A and D flag, they are superfluous. One could always use them on the command line and acme-client would do the right thing.
|
#
1.46 |
|
07-Jun-2019 |
florian |
Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API.
With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory
Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs.
Tested by Renaud Allard and benno
Input & OK benno
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.45 |
|
09-Mar-2019 |
benno |
remove free() before exit() from main(), in ongoing work to make things more readable. otto notes that free() does some checks, but in this case readability is better than complete cleanup. ok florian@ deraadt@
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to use a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revocation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistant use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggest by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.48 |
|
12-Jun-2019 |
gilles |
use acme-client to sign certificated with ecdsa keys
diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@
|
#
1.47 |
|
08-Jun-2019 |
florian |
Remove A and D flag, they are superfluous. One could always use them on the command line and acme-client would do the right thing.
|
#
1.46 |
|
07-Jun-2019 |
florian |
Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API.
With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs.
Tested by Renaud Allard and benno Input & OK benno
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.45 |
|
09-Mar-2019 |
benno |
remove free() before exit() from main(), in ongoing work to make things more readable. otto notes that free() does some checks, but in this case readability is better than complete cleanup. ok florian@ deraadt@
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to us a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revokation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistant use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggest by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.47 |
|
08-Jun-2019 |
florian |
Remove A and D flag, they are superfluous. One could always use them on the command line and acme-client would do the right thing.
|
#
1.46 |
|
07-Jun-2019 |
florian |
Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API.
With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs.
Tested by Renaud Allard and benno Input & OK benno
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.45 |
|
09-Mar-2019 |
benno |
remove free() before exit() from main(), in ongoing work to make things more readable. otto notes that free() does some checks, but in this case readability is better than complete cleanup. ok florian@ deraadt@
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to us a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revokation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistant use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggest by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.46 |
|
07-Jun-2019 |
florian |
Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API.
With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs.
Tested by Renaud Allard and benno Input & OK benno
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.45 |
|
09-Mar-2019 |
benno |
remove free() before exit() from main(), in ongoing work to make things more readable. otto notes that free() does some checks, but in this case readability is better than complete cleanup. ok florian@ deraadt@
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to us a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revokation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistent use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggested by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.45 |
|
09-Mar-2019 |
benno |
remove free() before exit() from main(), in ongoing work to make things more readable. otto notes that free() does some checks, but in this case readability is better than complete cleanup. ok florian@ deraadt@
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to use a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revocation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistant use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggest by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.44 |
|
09-Mar-2019 |
benno |
use temporary strings for calls to basename(), because it may change the contents of its argument (on other platforms). Also strdup() the result, because basename returns a pointer to static memory. ok florian@
|
#
1.43 |
|
08-Mar-2019 |
benno |
fix dirname usage in acme-client: dirname() can modify its argument (it does not on OpenBSD) so we need to us a copy of the string. In addition, copy the result of dirname() as well, because it's static storage and if we call dirname() again it will be overwritten. Original problem noted and fix suggested by Wolf (wolf AT wolfsden DOT cz) ok florian@
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revokation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistant use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggest by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.42 |
|
29-Jan-2019 |
benno |
add an extra check for existing "api ..." line in the config. move the check of existing "account ..." line from main.c to the parser. ok deraadt@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revokation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistant use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggest by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.41 |
|
30-Jul-2018 |
benno |
cleanup initialization of chngdir. inspired by Ross L Richardson. ok tb@
|
#
1.40 |
|
30-Jul-2018 |
benno |
replace exit() with return(), from Ross L Richardson. ok tb@ (previous 3 commits to main.c as well)
|
#
1.39 |
|
30-Jul-2018 |
benno |
replace warn() + exit() with err() From Ross L Richardson.
|
#
1.38 |
|
30-Jul-2018 |
benno |
line too long and whitespace. From Ross L Richardson.
|
#
1.37 |
|
30-Jul-2018 |
benno |
reorder option parsing to be alphabetical/same order as usage and manpage. From Ross L Richardson.
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revokation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistant use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggest by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|
#
1.36 |
|
27-Nov-2017 |
florian |
Deprecate agreement url config option and get the information from the directory call. This way we don't need to update the acme-client.conf file every time it changes. Still parse the option, ignore and warn about it for a release. Sysmerge should be able to handle the removal. "nice" deraadt@ OK benno
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.35 |
|
27-May-2017 |
florian |
Use basename(3) instead of hand rolling it. Gets rid of double slashes, pointed out by Raf Czlonka (rczlonka at gmail), thanks!
OK benno
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.34 |
|
23-Mar-2017 |
florian |
pull root check up, the parser will bomb out anyway OK benno
|
#
1.33 |
|
24-Jan-2017 |
jsing |
Make returns consistent and remove parentheses per style(9).
Transformed with coccinelle.
Requested by and ok tb@
|
#
1.32 |
|
24-Jan-2017 |
deraadt |
Complete jsing's coccinelle cleanup... by hand ok jsing
|
#
1.31 |
|
24-Jan-2017 |
deraadt |
errx() does not need extra newline
|
#
1.30 |
|
24-Jan-2017 |
jsing |
Replace comparisons between a constant or enum and an expression, with a comparison between the expression and the constant or enum. This significantly improves readability.
Transformed with coccinelle.
Requested by deraadt@
|
#
1.29 |
|
21-Jan-2017 |
jmc |
tweak previous;
|
#
1.28 |
|
21-Jan-2017 |
benno |
move config data structures mostly to TAILQs, because that way we preserve order.
ok florian@
|
#
1.27 |
|
21-Jan-2017 |
florian |
it is ok to only specify a full chain certificate OK benno
|
#
1.26 |
|
21-Jan-2017 |
benno |
add option 'domain full chain certificate "path"', revokation works, the fullchain file will be unlinked.
ok florian
|
#
1.25 |
|
21-Jan-2017 |
florian |
Implement domain chain certificate. OK benno
|
#
1.24 |
|
21-Jan-2017 |
florian |
Split certificate file from config file into certdir and certfile. This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
|
#
1.23 |
|
21-Jan-2017 |
florian |
Remove backup option. This is not acme-client's business; also it gets in the way. OK benno
|
#
1.22 |
|
21-Jan-2017 |
florian |
We are only dealing with one domain on the command line OK benno
|
#
1.21 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.20 |
|
21-Jan-2017 |
florian |
typo; ok benno
|
#
1.19 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [5 of 5] implement new -n option to check and print configuration
ok florian
|
#
1.18 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [4 of 5]
fix getopt()
ok florian
|
#
1.17 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [3 of 5]
change command line options:
n -> A new Account key N -> D new Domain key
With this acme-client has these main usage patterns:
* create new Account Key and Domain Key and get a certificate:
acme-client -A -D www.example.com
* renew certificate:
acme-client www.example.com
* revoke certificate:
acme-client -r www.example.com
ok florian
|
#
1.16 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [2 of 5]
- add challengedir option to config file - remove -C option from command line
ok florian
|
#
1.15 |
|
21-Jan-2017 |
benno |
acme-client use configuration file [1 of 5]
start using the configuration file and delete command line arguments:
-a agreement -> agreement url ...
-c certdir -> domain certificate "path"
-f accountkey -> account key "path"
-k domainkey -> domain key "path"
-s authority -> sign with "name"
new argument: -f configfile
the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way.
This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead.
ok florian
|
#
1.14 |
|
18-Sep-2016 |
benno |
add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@
|
#
1.13 |
|
13-Sep-2016 |
deraadt |
A small amount more KNF to make this easier on our eyes. Not going further than this. ok florian
|
#
1.12 |
|
13-Sep-2016 |
deraadt |
hoist local variable initialization directly into the definitions, rather than doing it right afterwards. ok florian
|
#
1.11 |
|
13-Sep-2016 |
deraadt |
Inconsistent use of case (value): idiom drives me nuts, I have no idea what purpose it was intended to serve.
|
#
1.10 |
|
01-Sep-2016 |
florian |
update usage(); pointed out by jmc@
|
#
1.9 |
|
01-Sep-2016 |
florian |
Implement table driven selection to which ACME authorities we can talk. Suggested by and OK deraadt, OK benno.
(Later on deraadt and benno discussed if this should be handled with a config file. This seems to be good enough for now. We can do a config file later.)
|
#
1.8 |
|
01-Sep-2016 |
florian |
we don't have config.h
|
#
1.7 |
|
01-Sep-2016 |
deraadt |
line wrap usage
|
#
1.6 |
|
01-Sep-2016 |
deraadt |
Collapse krazy abstractions for other sandbox models, using chroot and pledge directly as needed. ok florian
|
#
1.5 |
|
01-Sep-2016 |
benno |
knf
|
#
1.4 |
|
31-Aug-2016 |
benno |
whitespace
|
#
1.3 |
|
31-Aug-2016 |
deraadt |
revoke -> revocate, to avoid alias ok florian
|
#
1.2 |
|
31-Aug-2016 |
florian |
store files in directories called acme
|
#
1.1 |
|
31-Aug-2016 |
florian |
Import Kristaps' letskencrypt and call it acme-client in tree. OK to get it in deraadt@ (and probably beck@)
At least deraadt@, beck@ and otto@ are fine with the name and the disagreements stopped.
|