diff --git a/acmed/src/config.rs b/acmed/src/config.rs index 9ef437f..f21d5ec 100644 --- a/acmed/src/config.rs +++ b/acmed/src/config.rs @@ -147,6 +147,13 @@ impl Config { } } + pub fn get_cert_file_ext(&self) -> Option { + match &self.global { + Some(g) => g.cert_file_ext.to_owned(), + None => None, + } + } + pub fn get_pk_file_mode(&self) -> u32 { match &self.global { Some(g) => match g.pk_file_mode { @@ -170,6 +177,13 @@ impl Config { None => None, } } + + pub fn get_pk_file_ext(&self) -> Option { + match &self.global { + Some(g) => g.pk_file_ext.to_owned(), + None => None, + } + } } #[derive(Clone, Deserialize)] @@ -179,6 +193,7 @@ pub struct GlobalOptions { pub cert_file_group: Option, pub cert_file_mode: Option, pub cert_file_user: Option, + pub cert_file_ext: Option, pub certificates_directory: Option, #[serde(default)] pub env: HashMap, @@ -186,6 +201,7 @@ pub struct GlobalOptions { pub pk_file_group: Option, pub pk_file_mode: Option, pub pk_file_user: Option, + pub pk_file_ext: Option, pub random_early_renew: Option, pub renew_delay: Option, pub root_certificates: Option>, diff --git a/acmed/src/main_event_loop.rs b/acmed/src/main_event_loop.rs index c81dbf9..8befdb7 100644 --- a/acmed/src/main_event_loop.rs +++ b/acmed/src/main_event_loop.rs @@ -57,9 +57,11 @@ impl MainEventLoop { cert_file_mode: cnf.get_cert_file_mode(), cert_file_owner: cnf.get_cert_file_user(), cert_file_group: cnf.get_cert_file_group(), + cert_file_ext: cnf.get_cert_file_ext(), pk_file_mode: cnf.get_pk_file_mode(), pk_file_owner: cnf.get_pk_file_user(), pk_file_group: cnf.get_pk_file_group(), + pk_file_ext: cnf.get_pk_file_ext(), hooks: acc .get_hooks(&cnf)? .iter() 
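Review bot: `get_cert_file_ext` in acmed/src/config.rs (and `get_pk_file_ext` in the later hunk of the same file) has no doc comment, and the meaning of a `None` return is only discoverable in acmed/src/storage.rs, where `get_file_full_path` falls back to "pem". A line such as `/// Extension for certificate files from the global options; None means storage.rs applies its "pem" default.` on each getter would make that contract visible at the call sites in main_event_loop.rs. The `impl Config` block starts and ends outside these hunks, so the neighbouring getters were not checked for the same gap.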
@@ -91,9 +93,11 @@ impl MainEventLoop { cert_file_mode: cnf.get_cert_file_mode(), cert_file_owner: cnf.get_cert_file_user(), cert_file_group: cnf.get_cert_file_group(), + cert_file_ext: cnf.get_cert_file_ext(), pk_file_mode: cnf.get_pk_file_mode(), pk_file_owner: cnf.get_pk_file_user(), pk_file_group: cnf.get_pk_file_group(), + pk_file_ext: cnf.get_pk_file_ext(), hooks: hooks .iter() .filter(|h| !h.hook_type.is_disjoint(&file_hooks)) diff --git a/acmed/src/storage.rs b/acmed/src/storage.rs index 37d8719..4fbbf1f 100644 --- a/acmed/src/storage.rs +++ b/acmed/src/storage.rs @@ -22,9 +22,11 @@ pub struct FileManager { pub cert_file_mode: u32, pub cert_file_owner: Option, pub cert_file_group: Option, + pub cert_file_ext: Option, pub pk_file_mode: u32, pub pk_file_owner: Option, pub pk_file_group: Option, + pub pk_file_ext: Option, pub hooks: Vec, pub env: HashMap, } @@ -93,17 +95,22 @@ fn get_file_full_path( FileType::PrivateKey => &fm.crt_directory, FileType::Certificate => &fm.crt_directory, }; + let ext = match file_type { + FileType::Account => "bin".to_string(), + FileType::PrivateKey => fm.pk_file_ext.clone().unwrap_or("pem".to_string()), + FileType::Certificate => fm.cert_file_ext.clone().unwrap_or("pem".to_string()), + }; let file_name = match file_type { FileType::Account => format!( "{account}.{file_type}.{ext}", account = b64_encode(&fm.account_name), file_type = file_type, - ext = "bin" + ext = ext ), FileType::PrivateKey | FileType::Certificate => { let fmt_data = CertFileFormat { key_type: fm.crt_key_type.to_string(), - ext: "pem".into(), + ext, file_type: file_type.to_string(), name: fm.crt_name.to_owned(), }; diff --git a/man/en/acmed.toml.5 b/man/en/acmed.toml.5 index a518053..7d1d459 100644 --- a/man/en/acmed.toml.5 +++ b/man/en/acmed.toml.5 
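Review bot: In `get_file_full_path` (acmed/src/storage.rs), the new `ext` for `FileType::PrivateKey` and `FileType::Certificate` comes straight from `fm.pk_file_ext` / `fm.cert_file_ext` and is placed in the file name without any check. The rest of the function is outside the hunk, but if that name is then joined onto `fm.crt_directory`, an extension containing a path separator or `..` would cause the private key or certificate to be written outside the directory the operator expects. Consider accepting only a non-empty run of ASCII alphanumerics, e.g. `if ext.is_empty() || !ext.chars().all(|c| c.is_ascii_alphanumeric()) { /* return a configuration error */ }`, either here or when the configuration is loaded. Separately, `unwrap_or("pem".to_string())` builds the default string even when a value is configured; `unwrap_or_else(|| "pem".to_string())` avoids that.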
@@ -136,9 +136,10 @@ element, is used. Default is Possible variables are: .Bl -tag .It Ic ext Ar string -File extension. Currently, only -.Dq pem -is supported. +File extension. See +.Xr cert_file_ext +and +.Xr pk_file_ext .It Ic file_type Ar string Contains .Dq pk @@ -285,6 +286,8 @@ for more details. Specify the user who will own newly-created certificates files. See .Xr chown 2 for more details. +.It Cm cert_file_ext Ft string +Specify the file extension of certificate files. .It Cm certificates_directory Ar string Specify the directory where the certificates and their associated private keys are stored. .It Ic env Ar table @@ -307,6 +310,8 @@ for more details. Specify the user who will own newly-created private-key files. See .Xr chown 2 for more details. +.It Cm pk_file_ext Ft string +Specify the file extension of private-key files. .It Cm random_early_renew Ar string Period of time before the usual certificate renewal, in which the certificate will renew at a random time. This is useful for when you want to even out your certificate orders when you're dealing with very large numbers of certificates. The format is described in the