OpenBSD CVS

CVS log for src/usr.sbin/acme-client/acctproc.c



Default branch: MAIN


Revision 1.32, Tue Aug 29 14:44:53 2023 UTC (9 months ago) by op
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.31: +1 -2 lines

acme-client: drop ecdsa.h, fix spacing and a typo in error message

While here drop EC_KEY_set_asn1_flag(OPENSSL_EC_NAMED_CURVE).
EC_KEY_new_by_curve_name() ends up calling EC_GROUP_new() which already
sets the OPENSSL_EC_NAMED_CURVE flag on the group.  (suggested by tb@)

ok tb@

Revision 1.31, Mon Dec 19 11:16:52 2022 UTC (17 months, 1 week ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.30: +2 -2 lines

acme-client: fix copy-paste error in error message

Revision 1.30, Sun Dec 18 12:39:59 2022 UTC (17 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.29: +6 -6 lines

acme-client: rename cc to sign_len in op_sign()

requested by jsing

Revision 1.29, Sun Dec 18 12:35:26 2022 UTC (17 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.28: +5 -3 lines

acme-client: fix openssl includes in acctproc.c

We don't do PEM or random in here, but we use BN, EC, ECDSA, so include
the relevant headers. errno.h was also missing.

Revision 1.28, Sun Dec 18 12:31:57 2022 UTC (17 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.27: +7 -1 lines

acme-client: check EC signature length

Make sure the size_t containing EC signature length is not truncated
when passing it to d2i_ECDSA_SIG() as a long. This won't happen, but
documents API quirks...

requested by jsing

Revision 1.27, Sun Dec 18 12:27:58 2022 UTC (17 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.26: +17 -24 lines

acme-client: simplify elliptic curve signatures

We can get the correct size of the signature using EVP_PKEY_bits() which
uses the order instead of the (strictly speaking incorrect) degree. Grab
the (r, s) out of the ECDSA signature with ECDSA_SIG_get0_{r,s}(), which
is a saner interface than EVP_SIG_get0(). Finally, do the zero padding
using BN_bn2binpad() which is simpler than the currently rather fiddly
solution.

ok jsing

Revision 1.26, Sun Dec 18 12:22:30 2022 UTC (17 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.25: +18 -18 lines

acme-client: switch op_sign() to EVP_DigestSign()

EVP_DigestSign() is a bit more ergonomic than the old EVP_Sign* family,
it takes size_t instead of int and it also allows allocating the
memory needed instead of relying on some weird estimate. This again gets
rid of a few stupid else if.

ok jsing

Revision 1.25, Sun Dec 18 12:13:11 2022 UTC (17 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.24: +9 -21 lines

acme-client: simplify op_thumbprint()

We can EVP_Digest() into an array on the stack rather than doing a long
dance and song with lots of ugly else if.

ok jsing

Revision 1.24, Wed Dec 14 15:02:43 2022 UTC (17 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.23: +2 -1 lines

Plug leak of ECDSA_SIG

ok sthen

Revision 1.23, Fri Jan 14 09:20:18 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.22: +5 -5 lines

Fix acme-client build with opaque RSA

Revision 1.22, Thu Nov 18 17:26:43 2021 UTC (2 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.21: +8 -8 lines

acme-client: use EVP_PKEY_base_id()

In an upcoming libcrypto bump, EVP_PKEY will become opaque. In order to
stop reaching inside EVP_PKEY, we must replace EVP_PKEY_type(pkey->type)
with the equivalent EVP_PKEY_base_id(pkey) in various places.

ok florian

Revision 1.21, Thu May 13 07:10:57 2021 UTC (3 years ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.20: +5 -5 lines

acme-client: use EC_POINT_{get,set}_affine_coordinates()

The versions with _GFp() suffix only exist for historical reasons.
Now that we have EC_POINT_{get,set}_affine_coordinates(), we should
stop using the old ones as they provide no benefit.

ok florian

Revision 1.20, Mon Jun 17 15:20:10 2019 UTC (4 years, 11 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.19: +2 -4 lines

One NULL-check before EVP_MD_CTX_free() was left in previous.

Revision 1.19, Mon Jun 17 15:03:34 2019 UTC (4 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.18: +7 -9 lines

Use non-deprecated API; from Renaud Allard, thanks!
OK tb

Revision 1.18, Mon Jun 17 12:42:52 2019 UTC (4 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.17: +177 -20 lines

Implement elliptic curve account keys.
OK benno
Input & OK tb

Revision 1.17, Mon Jun 17 08:59:33 2019 UTC (4 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.16: +3 -3 lines

s/get1/get0/ in comments

Revision 1.16, Sun Jun 16 11:44:22 2019 UTC (4 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.15: +3 -3 lines

Do not leak rsa keys; nobody is messing with the reference behind our
back so there is no need to get a copy.
Clue & probably OK tb

Revision 1.15, Wed Jun 12 11:09:25 2019 UTC (4 years, 11 months ago) by gilles
Branch: MAIN
Changes since 1.14: +5 -3 lines

use acme-client to sign certificates with ecdsa keys

diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@

Revision 1.14, Sat Jun 8 07:52:55 2019 UTC (4 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.13: +7 -4 lines

Remove A and D flag, they are superfluous.
One could always use them on the command line and acme-client would do
the right thing.

Revision 1.13, Fri Jun 7 08:07:52 2019 UTC (4 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.12: +33 -20 lines

Implement RFC 8555 "Automatic Certificate Management Environment
(ACME)" to be able to talk to the v02 Let's Encrypt API.

With this acme-client(1) will no longer be able to talk to the v01
API. Users must change the api url in /etc/acme-client.conf to
https://acme-v02.api.letsencrypt.org/directory
Existing accounts (and certs of course) stay valid and after the url
change acme-client will be able to renew certs.

Tested by Renaud Allard and benno
Input & OK benno

Revision 1.12, Sat Jul 28 15:25:23 2018 UTC (5 years, 10 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.11: +2 -3 lines

Remove NULL checks before (most) libcrypto *_free() functions.
From Ross L. Richardson, thanks!

ok deraadt

Revision 1.11, Tue Jan 24 13:32:55 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.10: +10 -10 lines

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Revision 1.10, Tue Jan 24 12:05:14 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.9: +35 -35 lines

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

Revision 1.9, Tue Sep 13 17:13:37 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.8: +8 -8 lines

A small amount more KNF to make this easier on our eyes.  Not going further
than this.
ok florian

Revision 1.8, Tue Sep 13 16:49:28 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.7: +19 -37 lines

hoist local variable initialization directly into the definitions,
rather than doing it right afterwards.
ok florian

Revision 1.7, Tue Sep 13 16:04:51 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +3 -3 lines

Inconsistent use of case (value): idiom drives me nuts, I have no idea
what purpose it was intended to serve.

Revision 1.6, Tue Sep 13 16:01:37 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.5: +1 -13 lines

RAND_status() and RAND_seed() are not needed, this is 2016.

Revision 1.5, Thu Sep 1 00:35:21 2016 UTC (7 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.4: +1 -4 lines

we don't have config.h

Revision 1.4, Thu Sep 1 00:21:36 2016 UTC (7 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +4 -9 lines

Collapse krazy abstractions for other sandbox models, using chroot and
pledge directly as needed.
ok florian

Revision 1.3, Wed Aug 31 23:52:30 2016 UTC (7 years, 9 months ago) by benno
Branch: MAIN
Changes since 1.2: +11 -12 lines

whitespace

Revision 1.2, Wed Aug 31 22:42:19 2016 UTC (7 years, 9 months ago) by benno
Branch: MAIN
Changes since 1.1: +9 -9 lines

whitespace cleanup

Revision 1.1, Wed Aug 31 22:01:42 2016 UTC (7 years, 9 months ago) by florian
Branch: MAIN

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.
