Mirror
/
acmed
mirror of https://github.com/breard-r/acmed.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
263 Commits
13 Branches
28 Tags
2.5 MiB
Tree: 3ee3419676
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3ee3419676'
${ noResults }
acmed/tacd/src/main.rs

193 lines
6.6 KiB
Raw Normal View History

Add a dummy tacd standalone server Even if the tacd server might be one of the last thing implemented using ring, it should not block the compilation.
6 years ago
Remove the standalone feature As discussed in #2, ring is not mature enough to replace OpenSSL. Hence, the standalone mode which has been made to implement such a replacement has to be removed until ring becomes usable.
6 years ago
Add the `--crt-digest` option in tacd
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Improve the CLI Some default values were missing. Some descriptions has been rephrased.
4 years ago
Remove the PID file after exit Fix #25
5 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Fix the default PID file name
5 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Add partial EdDSA support Currently, OpenSSL does not have the required `EVP_PKEY_get1_ED(25519|448)` functions, hence EdDSA has been partially implemented and disabled. Once OpenSSL 3.0.0 is out and the `openssl` crates implements the bindings to those functions, full EdDSA implementation could be done and activated. Conditional compilation has been implemented using `rustc-cfg` instructions rather than features so it can be activated from the build script depending on whether or not the cryptographic library supports Ed25519 and Ed448. https://github.com/openssl/openssl/commit/7c664b1f1b5f60bf896f5fdea5c08c401c541dfe
4 years ago
Add the `--crt-digest` option in tacd
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Fix the "foregroung" typo I made the typo once and then copy/pasted it everywhere.
5 years ago
Prevent unnecessary creation of a PID file When running in foreground, a PID file should be created only if the `--pid-file` option is specified. Rel #25
5 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Add internationalized domain names support
5 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Add the `--crt-signature-alg` option in tacd
4 years ago
Add the `--crt-digest` option in tacd
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Add a dummy tacd standalone server Even if the tacd server might be one of the last thing implemented using ring, it should not block the compilation.
6 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Add the `--crt-signature-alg` option in tacd
4 years ago
Add the `--crt-digest` option in tacd
4 years ago
Improve the CLI Some default values were missing. Some descriptions has been rephrased.
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Improve the CLI Some default values were missing. Some descriptions has been rephrased.
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Improve the CLI Some default values were missing. Some descriptions has been rephrased.
4 years ago
Add missing commas
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Add missing commas
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Add missing commas
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Add missing commas
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Add missing commas
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Add the `--crt-signature-alg` option in tacd
4 years ago
Add missing commas
4 years ago
Add the `--crt-signature-alg` option in tacd
4 years ago
Add the `--crt-digest` option in tacd
4 years ago
Add missing commas
4 years ago
Add the `--crt-digest` option in tacd
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Improve the CLI Some default values were missing. Some descriptions has been rephrased.
4 years ago
Add missing commas
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Improve the CLI Some default values were missing. Some descriptions has been rephrased.
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Fix the "foregroung" typo I made the typo once and then copy/pasted it everywhere.
5 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Add missing commas
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Improve the CLI Some default values were missing. Some descriptions has been rephrased.
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Improve the CLI Some default values were missing. Some descriptions has been rephrased.
4 years ago
Add missing commas
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Improve the CLI Some default values were missing. Some descriptions has been rephrased.
4 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Remove the PID file after exit Fix #25
5 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
  1. mod openssl_server;
  3. use crate::openssl_server::start as server_start;
  4. use acme_common::crypto::{HashFunction, KeyType, X509Certificate};
  5. use acme_common::error::Error;
  6. use acme_common::logs::{set_log_system, DEFAULT_LOG_LEVEL};
  7. use acme_common::{clean_pid_file, to_idna};
  8. use clap::{App, Arg, ArgMatches};
  9. use log::{debug, error, info};
  10. use std::fs::File;
  11. use std::io::{self, Read};
  13. const APP_NAME: &str = env!("CARGO_PKG_NAME");
  14. const APP_VERSION: &str = env!("CARGO_PKG_VERSION");
  15. const DEFAULT_PID_FILE: &str = "/var/run/tacd.pid";
  16. const DEFAULT_LISTEN_ADDR: &str = "127.0.0.1:5001";
  17. const DEFAULT_CRT_KEY_TYPE: KeyType = KeyType::EcdsaP256;
  18. const DEFAULT_CRT_DIGEST: HashFunction = HashFunction::Sha256;
  19. const ALPN_ACME_PROTO_NAME: &[u8] = b"\x0aacme-tls/1";
  21. fn read_line(path: Option<&str>) -> Result<String, Error> {
  22. let mut input = String::new();
  23. match path {
  24. Some(p) => File::open(p)?.read_to_string(&mut input)?,
  25. None => io::stdin().read_line(&mut input)?,
  26. };
  27. let line = input.trim().to_string();
  28. Ok(line)
  29. }
  31. fn get_acme_value(cnf: &ArgMatches, opt: &str, opt_file: &str) -> Result<String, Error> {
  32. match cnf.value_of(opt) {
  33. Some(v) => Ok(v.to_string()),
  34. None => {
  35. debug!(
  36. "Reading {} from {}",
  37. opt,
  38. cnf.value_of(opt_file).unwrap_or("stdin")
  39. );
  40. read_line(cnf.value_of(opt_file))
  41. }
  42. }
  43. }
  45. fn init(cnf: &ArgMatches) -> Result<(), Error> {
  46. acme_common::init_server(
  47. cnf.is_present("foreground"),
  48. cnf.value_of("pid-file"),
  49. DEFAULT_PID_FILE,
  50. );
  51. let domain = get_acme_value(cnf, "domain", "domain-file")?;
  52. let domain = to_idna(&domain)?;
  53. let ext = get_acme_value(cnf, "acme-ext", "acme-ext-file")?;
  54. let listen_addr = cnf.value_of("listen").unwrap_or(DEFAULT_LISTEN_ADDR);
  55. let crt_signature_alg = match cnf.value_of("crt-signature-alg") {
  56. Some(alg) => alg.parse()?,
  57. None => DEFAULT_CRT_KEY_TYPE,
  58. };
  59. let crt_digest = match cnf.value_of("crt-digest") {
  60. Some(alg) => alg.parse()?,
  61. None => DEFAULT_CRT_DIGEST,
  62. };
  63. let (pk, cert) = X509Certificate::from_acme_ext(&domain, &ext, crt_signature_alg, crt_digest)?;
  64. info!("Starting {} on {} for {}", APP_NAME, listen_addr, domain);
  65. server_start(listen_addr, &cert, &pk)?;
  66. Ok(())
  67. }
  69. fn main() {
  70. let default_crt_key_type = DEFAULT_CRT_KEY_TYPE.to_string();
  71. let default_crt_digest = DEFAULT_CRT_DIGEST.to_string();
  72. let default_log_level = DEFAULT_LOG_LEVEL.to_string().to_lowercase();
  73. let matches = App::new(APP_NAME)
  74. .version(APP_VERSION)
  75. .arg(
  76. Arg::with_name("listen")
  77. .long("listen")
  78. .short("l")
  79. .help("Host and port to listen on")
  80. .takes_value(true)
  81. .value_name("host:port|unix:path")
  82. .default_value(&DEFAULT_LISTEN_ADDR),
  83. )
  84. .arg(
  85. Arg::with_name("domain")
  86. .long("domain")
  87. .short("d")
  88. .help("The domain that is being validated")
  89. .takes_value(true)
  90. .value_name("STRING")
  91. .conflicts_with("domain-file"),
  92. )
  93. .arg(
  94. Arg::with_name("domain-file")
  95. .long("domain-file")
  96. .help("File from which is read the domain that is being validated")
  97. .takes_value(true)
  98. .value_name("FILE")
  99. .conflicts_with("domain"),
  100. )
  101. .arg(
  102. Arg::with_name("acme-ext")
  103. .long("acme-ext")
  104. .short("e")
  105. .help("The acmeIdentifier extension to set in the self-signed certificate")
  106. .takes_value(true)
  107. .value_name("STRING")
  108. .conflicts_with("acme-ext-file"),
  109. )
  110. .arg(
  111. Arg::with_name("acme-ext-file")
  112. .long("acme-ext-file")
  113. .help("File from which is read the acmeIdentifier extension to set in the self-signed certificate")
  114. .takes_value(true)
  115. .value_name("FILE")
  116. .conflicts_with("acme-ext"),
  117. )
  118. .arg(
  119. Arg::with_name("crt-signature-alg")
  120. .long("crt-signature-alg")
  121. .help("The certificate's signature algorithm")
  122. .takes_value(true)
  123. .value_name("STRING")
  124. .possible_values(&KeyType::list_possible_values())
  125. .default_value(&default_crt_key_type),
  126. )
  127. .arg(
  128. Arg::with_name("crt-digest")
  129. .long("crt-digest")
  130. .help("The certificate's digest algorithm")
  131. .takes_value(true)
  132. .value_name("STRING")
  133. .possible_values(&HashFunction::list_possible_values())
  134. .default_value(&default_crt_digest),
  135. )
  136. .arg(
  137. Arg::with_name("log-level")
  138. .long("log-level")
  139. .help("Specify the log level")
  140. .takes_value(true)
  141. .value_name("LEVEL")
  142. .possible_values(&["error", "warn", "info", "debug", "trace"])
  143. .default_value(&default_log_level),
  144. )
  145. .arg(
  146. Arg::with_name("to-syslog")
  147. .long("log-syslog")
  148. .help("Sends log messages via syslog")
  149. .conflicts_with("to-stderr"),
  150. )
  151. .arg(
  152. Arg::with_name("to-stderr")
  153. .long("log-stderr")
  154. .help("Prints log messages to the standard error output")
  155. .conflicts_with("to-syslog"),
  156. )
  157. .arg(
  158. Arg::with_name("foreground")
  159. .long("foreground")
  160. .short("f")
  161. .help("Runs in the foreground"),
  162. )
  163. .arg(
  164. Arg::with_name("pid-file")
  165. .long("pid-file")
  166. .help("Path to the PID file")
  167. .takes_value(true)
  168. .value_name("FILE")
  169. .default_value(&DEFAULT_PID_FILE),
  170. )
  171. .get_matches();
  173. match set_log_system(
  174. matches.value_of("log-level"),
  175. matches.is_present("log-syslog"),
  176. matches.is_present("to-stderr"),
  177. ) {
  178. Ok(_) => {}
  179. Err(e) => {
  180. eprintln!("Error: {}", e);
  181. std::process::exit(2);
  182. }
  183. };
  185. match init(&matches) {
  186. Ok(_) => {}
  187. Err(e) => {
  188. error!("{}", e);
  189. let _ = clean_pid_file(matches.value_of("pid-file"));
  190. std::process::exit(1);
  191. }
  192. };
  193. }