Mirror
/
acmed
mirror of https://github.com/breard-r/acmed.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
141 Commits
12 Branches
27 Tags
2.2 MiB
Tree: c5fee08581
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c5fee08581'
${ noResults }
acmed/tacd/src/main.rs

155 lines
5.0 KiB
Raw Normal View History

Add a dummy tacd standalone server Even if the tacd server might be one of the last thing implemented using ring, it should not block the compilation.
6 years ago
Remove the standalone feature As discussed in #2, ring is not mature enough to replace OpenSSL. Hence, the standalone mode which has been made to implement such a replacement has to be removed until ring becomes usable.
5 years ago
Create an abstraction around the certificate As for public and private keys, the certificate should also be abstracted. rel #2
6 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Create an abstraction around the certificate As for public and private keys, the certificate should also be abstracted. rel #2
6 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Add a dummy tacd standalone server Even if the tacd server might be one of the last thing implemented using ring, it should not block the compilation.
6 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
Allow tacd to listen on a unix socket
6 years ago
Add tacd, a daemon for the tls-alpn-01 challenge ACMEd should and will remain as simple as possible and let the user alone take care of the challenge validation. However, this philosophy does not forbid the project itself to distribute additional tools that are designed to improve the user experience. Because the TLS-ALPN ecosystem is currently very slim, adding tacd is really benefic to ACMEd.
6 years ago
  1. mod openssl_server;
  3. use crate::openssl_server::start as server_start;
  4. use acme_common::crypto::X509Certificate;
  5. use acme_common::error::Error;
  6. use clap::{App, Arg, ArgMatches};
  7. use log::{debug, error, info};
  8. use std::fs::File;
  9. use std::io::{self, Read};
  11. const APP_NAME: &str = env!("CARGO_PKG_NAME");
  12. const APP_VERSION: &str = env!("CARGO_PKG_VERSION");
  13. const DEFAULT_PID_FILE: &str = "/var/run/admed.pid";
  14. const DEFAULT_LISTEN_ADDR: &str = "127.0.0.1:5001";
  15. const ALPN_ACME_PROTO_NAME: &[u8] = b"\x0aacme-tls/1";
  17. fn read_line(path: Option<&str>) -> Result<String, Error> {
  18. let mut input = String::new();
  19. match path {
  20. Some(p) => File::open(p)?.read_to_string(&mut input)?,
  21. None => io::stdin().read_line(&mut input)?,
  22. };
  23. let line = input.trim().to_string();
  24. Ok(line)
  25. }
  27. fn get_acme_value(cnf: &ArgMatches, opt: &str, opt_file: &str) -> Result<String, Error> {
  28. match cnf.value_of(opt) {
  29. Some(v) => Ok(v.to_string()),
  30. None => {
  31. debug!(
  32. "Reading {} from {}",
  33. opt,
  34. cnf.value_of(opt_file).unwrap_or("stdin")
  35. );
  36. read_line(cnf.value_of(opt_file))
  37. }
  38. }
  39. }
  41. fn init(cnf: &ArgMatches) -> Result<(), Error> {
  42. acme_common::init_server(
  43. cnf.is_present("foregroung"),
  44. cnf.value_of("pid-file").unwrap_or(DEFAULT_PID_FILE),
  45. );
  46. let domain = get_acme_value(cnf, "domain", "domain-file")?;
  47. let ext = get_acme_value(cnf, "acme-ext", "acme-ext-file")?;
  48. let listen_addr = cnf.value_of("listen").unwrap_or(DEFAULT_LISTEN_ADDR);
  49. let (pk, cert) = X509Certificate::from_acme_ext(&domain, &ext)?;
  50. info!("Starting {} on {} for {}", APP_NAME, listen_addr, domain);
  51. server_start(listen_addr, &cert, &pk)?;
  52. Ok(())
  53. }
  55. fn main() {
  56. let matches = App::new(APP_NAME)
  57. .version(APP_VERSION)
  58. .arg(
  59. Arg::with_name("listen")
  60. .long("listen")
  61. .short("l")
  62. .help("Specifies the host and port to listen on")
  63. .takes_value(true)
  64. .value_name("host:port|unix:path"),
  65. )
  66. .arg(
  67. Arg::with_name("domain")
  68. .long("domain")
  69. .short("d")
  70. .help("The domain that is being validated")
  71. .takes_value(true)
  72. .value_name("STRING")
  73. .conflicts_with("domain-file")
  74. )
  75. .arg(
  76. Arg::with_name("domain-file")
  77. .long("domain-file")
  78. .help("File from which is read the domain that is being validated")
  79. .takes_value(true)
  80. .value_name("FILE")
  81. .conflicts_with("domain")
  82. )
  83. .arg(
  84. Arg::with_name("acme-ext")
  85. .long("acme-ext")
  86. .short("e")
  87. .help("The acmeIdentifier extension to set in the self-signed certificate")
  88. .takes_value(true)
  89. .value_name("STRING")
  90. .conflicts_with("acme-ext-file")
  91. )
  92. .arg(
  93. Arg::with_name("acme-ext-file")
  94. .long("acme-ext-file")
  95. .help("File from which is read the acmeIdentifier extension to set in the self-signed certificate")
  96. .takes_value(true)
  97. .value_name("FILE")
  98. .conflicts_with("acme-ext-file")
  99. )
  100. .arg(
  101. Arg::with_name("log-level")
  102. .long("log-level")
  103. .help("Specify the log level")
  104. .takes_value(true)
  105. .value_name("LEVEL")
  106. .possible_values(&["error", "warn", "info", "debug", "trace"]),
  107. )
  108. .arg(
  109. Arg::with_name("to-syslog")
  110. .long("log-syslog")
  111. .help("Sends log messages via syslog")
  112. .conflicts_with("to-stderr"),
  113. )
  114. .arg(
  115. Arg::with_name("to-stderr")
  116. .long("log-stderr")
  117. .help("Prints log messages to the standard error output")
  118. .conflicts_with("log-syslog"),
  119. )
  120. .arg(
  121. Arg::with_name("foregroung")
  122. .long("foregroung")
  123. .short("f")
  124. .help("Runs in the foregroung"),
  125. )
  126. .arg(
  127. Arg::with_name("pid-file")
  128. .long("pid-file")
  129. .help("Specifies the location of the PID file")
  130. .takes_value(true)
  131. .value_name("FILE")
  132. .conflicts_with("foregroung"),
  133. )
  134. .get_matches();
  136. match acme_common::logs::set_log_system(
  137. matches.value_of("log-level"),
  138. matches.is_present("log-syslog"),
  139. matches.is_present("to-stderr"),
  140. ) {
  141. Ok(_) => {}
  142. Err(e) => {
  143. eprintln!("Error: {}", e);
  144. std::process::exit(2);
  145. }
  146. };
  148. match init(&matches) {
  149. Ok(_) => {}
  150. Err(e) => {
  151. error!("{}", e);
  152. std::process::exit(1);
  153. }
  154. };
  155. }