OpenBSD CVS

CVS log for src/usr.sbin/acme-client/netproc.c


Default branch: MAIN


Revision 1.35, Sun Apr 28 10:09:25 2024 UTC (6 weeks ago) by tb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.34: +2 -3 lines

Remove unused url from netproc()

Leftover from when RFC 8555 support was added.

ok florian

Revision 1.34, Sun Apr 28 08:29:56 2024 UTC (6 weeks ago) by florian
Branch: MAIN
Changes since 1.33: +6 -21 lines

Don't filter dangerous characters by hand when strvisx(3) is right there.

segfault reported by sthen, which was most likely caused by buf_dump().

OK tb

Revision 1.33, Wed Dec 14 18:32:26 2022 UTC (17 months, 3 weeks ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.32: +4 -4 lines

The argument to ctype functions must be EOF or representable as an
unsigned char.

Casting to int is particularly useless because that's what the
compiler already does. We need to prevent sign extension, not write
down that we want sign extension.

OK deraadt, millert, kn
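The two commits above (1.34 replacing a hand-rolled character filter with strvisx(3), and 1.33 fixing the argument passed to the ctype functions) describe one C pitfall without showing it. The following is an added illustration, not acme-client's code: plain char is signed on amd64 and i386, so a byte >= 0x80 passed to isprint() without first going through unsigned char becomes a negative int that is outside the domain the C standard defines (EOF or 0..UCHAR_MAX), and 0xff even collides with EOF. The function names, the sample bytes and the portable escaper are all constructed here; on OpenBSD the whole escaping step is one strvisx(3) call, which is what revision 1.34 uses.

```c
/*
 * Added illustration (not acme-client code): the ctype domain rule and a
 * buf_dump()-style filter that respects it.  Builds with any C library;
 * only the "char is signed" remark assumes amd64/i386.
 */
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* The domain the C standard gives isprint() and friends. */
int
ctype_arg_ok(int arg)
{
	return arg == EOF || (arg >= 0 && arg <= UCHAR_MAX);
}

/*
 * (int)c changes nothing: integer promotion already does exactly that,
 * so on a signed-char target a byte >= 0x80 sign-extends to a negative
 * value.  0xff becomes -1 == EOF and is silently misread as end of input.
 */
int
ctype_arg_wrong(char c)
{
	return (int)c;
}

/* Converting through unsigned char first is what stops the extension. */
int
ctype_arg_right(char c)
{
	return (unsigned char)c;
}

/*
 * Copy printable bytes, escape everything else (and backslash) as \xHH.
 * Returns the length the full output needs, snprintf-style, so a caller
 * can detect truncation; dst is always NUL-terminated when dstsz > 0.
 */
size_t
dump_escaped(const char *src, size_t len, char *dst, size_t dstsz)
{
	size_t i, need = 0, w = 0;

	for (i = 0; i < len; i++) {
		/* b is in 0..255, i.e. inside the ctype domain by construction. */
		unsigned char b = (unsigned char)src[i];
		char piece[5];
		size_t plen;

		if (isprint(b) && b != '\\') {
			piece[0] = (char)b;
			plen = 1;
		} else {
			plen = (size_t)snprintf(piece, sizeof(piece), "\\x%02x", b);
		}
		need += plen;
		/* Only emit a whole piece; never leave a half-written escape. */
		if (dstsz > 0 && w + plen < dstsz) {
			memcpy(dst + w, piece, plen);
			w += plen;
		}
	}
	if (dstsz > 0)
		dst[w] = '\0';
	return need;
}

int
main(void)
{
	/* Constructed sample: ASCII, an ESC byte, a Latin-1 byte, 0xff, LF. */
	const char sample[] = { 'o', 'k', 0x1b, (char)0xe9, (char)0xff, '\n' };
	char out[64];

	printf("0xe9 via (int):           %d, in domain: %d\n",
	    ctype_arg_wrong(sample[3]), ctype_arg_ok(ctype_arg_wrong(sample[3])));
	printf("0xe9 via (unsigned char): %d, in domain: %d\n",
	    ctype_arg_right(sample[3]), ctype_arg_ok(ctype_arg_right(sample[3])));
	dump_escaped(sample, sizeof(sample), out, sizeof(out));
	printf("escaped: %s\n", out);
	return 0;
}
```

The escaper takes the byte through unsigned char once, at the top of the loop, and never touches the ctype functions with a plain char afterwards; that is the whole fix from 1.33, and the reason a cast to int "does nothing" is that the promotion it spells out is the one that was already happening.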

Revision 1.32, Wed Nov 9 19:11:14 2022 UTC (19 months ago) by mbuhl
Branch: MAIN
Changes since 1.31: +2 -1 lines

nreq could leak a http get request in case a redirect without
location header was received.
OK deraadt

Revision 1.31, Tue Aug 24 10:07:30 2021 UTC (2 years, 9 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.30: +3 -3 lines

fix outdated comments, from Emil Engler, thanks.

Revision 1.30, Mon Jul 12 15:09:20 2021 UTC (2 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.29: +2 -2 lines

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occurred on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

Revision 1.29, Thu Dec 24 08:17:49 2020 UTC (3 years, 5 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.28: +7 -2 lines

First fulfil all challenges then tell the CA that it should check.

For http-01 this doesn't matter but I think this will be nicer for
dns-01 because there are propagation delays to consider and it will be
better to just put everything in DNS and then wait than wait after
each challenge.

Testing & OK sthen

Revision 1.28, Mon Sep 14 16:00:17 2020 UTC (3 years, 8 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.27: +6 -6 lines

We need to be able to provide contact information to use the
buypass.com acme api.
From Bartosz Kuzma (bartosz.kuzma AT release11.com), thanks!
OK beck, deraadt

Revision 1.27, Mon Sep 14 13:49:13 2020 UTC (3 years, 8 months ago) by florian
Branch: MAIN
Changes since 1.26: +15 -3 lines

Report what's wrong when account creation fails instead of a generic
http error.
OK beck

Revision 1.26, Sun May 10 17:34:07 2020 UTC (4 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.25: +18 -4 lines

In case the order fails print the human readable reason from the
challenge objects that the server hopefully provides.
input & OK deraadt
OK beck, benno

Revision 1.25, Sun Aug 11 19:44:25 2019 UTC (4 years, 10 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.24: +2 -2 lines

In let's encrypt v1 we had to track a challenge for every domain in
the certificate we were requesting.

This is no longer true in v2 and we have to free the amount of
challenges the server told us to fulfill.

OK benno

Revision 1.24, Sat Jun 8 10:38:03 2019 UTC (5 years ago) by florian
Branch: MAIN
Changes since 1.23: +2 -3 lines

remove unused variable

Revision 1.23, Fri Jun 7 08:07:52 2019 UTC (5 years ago) by florian
Branch: MAIN
Changes since 1.22: +281 -204 lines

Implement RFC 8555 "Automatic Certificate Management Environment
(ACME)" to be able to talk to the v02 Let's Encrypt API.

With this acme-client(1) will no longer be able to talk to the v01
API. Users must change the api url in /etc/acme-client.conf to
https://acme-v02.api.letsencrypt.org/directory
Existing accounts (and certs of course) stay valid and after the url
change acme-client will be able to renew certs.

Tested by Renaud Allard and benno
Input & OK benno

Revision 1.22, Fri Feb 1 10:16:04 2019 UTC (5 years, 4 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.21: +12 -38 lines

fix comments and clean up whitespace
ok florian@

Revision 1.21, Fri Feb 1 10:14:28 2019 UTC (5 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.20: +25 -14 lines

if not all challenges were validated, retry again.
Found and fix suggested by "Thomas L.", tom AT longshine AT web DOT de, Thanks!
ok florian@

Revision 1.20, Thu Jan 31 15:55:48 2019 UTC (5 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.19: +4 -4 lines

make struct chng.status an enum for readability.
ok florian@

Revision 1.19, Thu Nov 29 14:25:07 2018 UTC (5 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.18: +2 -2 lines

update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.

Revision 1.18, Tue Nov 6 20:40:49 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.17: +3 -2 lines

Use TLS_CA_CERT_FILE instead of a separate define.

ok beck@ bluhm@ tb@

Revision 1.17, Wed Aug 8 17:47:44 2018 UTC (5 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.16: +6 -1 lines

In netproc process, unveil to only expose the CA file.
ok florian

Revision 1.16, Wed Mar 14 12:28:25 2018 UTC (6 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.15: +34 -2 lines

letsencrypt responded with a 301 redirect when requesting the chain
certificate for some time.
While they stopped doing so it seems best to follow redirects anyway.

More status codes pointed out by & OK sthen
OK benno

Revision 1.15, Tue Feb 6 05:08:27 2018 UTC (6 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.14: +9 -9 lines

move malloc check up so that it actually works.
OK benno

Revision 1.14, Mon Nov 27 01:58:52 2017 UTC (6 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.13: +5 -5 lines

Deprecate agreement url config option and get the information from the
directory call. This way we don't need to update the acme-client.conf
file every time it changes. Still parse the option, ignore and warn about
it for a release. Sysmerge should be able to handle the removal.
"nice" deraadt@
OK benno

Revision 1.13, Tue Jan 24 13:32:55 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.12: +43 -43 lines

Make returns consistent and remove parentheses per style(9).

Transformed with coccinelle.

Requested by and ok tb@

Revision 1.12, Tue Jan 24 12:05:14 2017 UTC (7 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.11: +64 -64 lines

Replace comparisons between a constant or enum and an expression, with
a comparison between the expression and the constant or enum. This
significantly improves readability.

Transformed with coccinelle.

Requested by deraadt@

Revision 1.11, Sat Jan 21 08:41:42 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.10: +5 -4 lines

acme-client use configuration file [1 of 5]

start using the configuration file and delete command line arguments:

-a agreement    -> agreement url ...
-c certdir      -> domain certificate "path"
-f accountkey   -> account key "path"
-k domainkey    -> domain key "path"
-s authority    -> sign with "name"

new argument:
-f configfile

the changes needed to use the new configuration are local to main.c for now.
While the configuration could be passed directly to netproc(), keyproc() etc,
the diff is smaller this way.

This also removes the multidir (-m) mode for now - specify different paths in
each domain {} block instead.

ok florian

Revision 1.10, Tue Oct 4 15:49:42 2016 UTC (7 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.9: +11 -1 lines

Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.

ok benno@ florian@

Revision 1.9, Tue Oct 4 15:41:07 2016 UTC (7 years, 8 months ago) by jsing
Branch: MAIN
Changes since 1.8: +2 -2 lines

s/letsencrypt/ACME/

Revision 1.8, Tue Sep 13 17:13:37 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.7: +17 -19 lines

A small amount more KNF to make this easier on our eyes.  Not going further
than this.
ok florian

Revision 1.7, Tue Sep 13 16:49:28 2016 UTC (7 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +16 -29 lines

hoist local variable initialization directly into the definitions,
rather than doing it right afterwards.
ok florian

Revision 1.6, Thu Sep 1 12:17:00 2016 UTC (7 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.5: +3 -6 lines

Implement table driven selection to which ACME authorities we can
talk.
Suggested by and OK deraadt, OK benno.

(Later on deraadt and benno discussed if this should be handled with a
config file. This seems to be good enough for now. We can do a config
file later.)

Revision 1.5, Thu Sep 1 00:35:22 2016 UTC (7 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.4: +1 -4 lines

we don't have config.h

Revision 1.4, Thu Sep 1 00:21:36 2016 UTC (7 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +4 -10 lines

Collapse krazy abstractions for other sandbox models, using chroot and
pledge directly as needed.
ok florian

Revision 1.3, Wed Aug 31 23:36:16 2016 UTC (7 years, 9 months ago) by benno
Branch: MAIN
Changes since 1.2: +67 -67 lines

whitespace

Revision 1.2, Wed Aug 31 22:57:36 2016 UTC (7 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.1: +3 -3 lines

revoke -> revocate, to avoid alias
ok florian

Revision 1.1, Wed Aug 31 22:01:42 2016 UTC (7 years, 9 months ago) by florian
Branch: MAIN

Import Kristaps' letskencrypt and call it acme-client in tree.
OK to get it in deraadt@ (and probably beck@)

At least deraadt@, beck@ and otto@ are fine with the name and the
disagreements stopped.
