acmed

Commit Graph

Author	SHA1	Message	Date
Rodolphe Bréard	213d057d08	Fix the indentation	2 years ago
Rodolphe Bréard	e900138503	Inline the format args	2 years ago
Rodolphe Bréard	1afc6dc27e	Indent with tabs instead of spaces https://adamtuttle.codes/blog/2021/tabs-vs-spaces-its-an-accessibility-issue/	2 years ago
Rodolphe Bréard	717757c8e7	Remove the useless `let` bindings	2 years ago
Mateusz Poliwczak	083a8151fe	pad public key with zeros	2 years ago
Rodolphe Bréard	0d1fddd9d4	Stop using `libc::time_t` This type was used for the calculation of the certificate's expiration delay, which causes troubles on some 32 bits systems. Rel #59	3 years ago
Rodolphe Bréard	eceb61f9b6	Use a char instead of a string in `.replace()`	3 years ago
Rodolphe Bréard	835cfceb45	Remove unnecessary references	3 years ago
Rodolphe Bréard	32830cbd04	Add support for Ed25519 and Ed448 account keys and certificates Fixes #36	4 years ago
Rodolphe Breard	9e18254b73	Update the certificate's subject attributes	4 years ago
Rodolphe Breard	b75b8ba9f7	Prepare the code for an OpenSSL replacement The part of code that are specific to OpenSSL are now included only if the openssl feature is activated. The generic parts of code included in OpenSSL specific files has been moved out.	4 years ago
Rodolphe Breard	8477d927a1	Add support for NIST P-521 curve and ES512 signatures	4 years ago
Rodolphe Breard	1a1c1bed91	Allow to specify subject attributes for certificates	4 years ago
Rodolphe Breard	1267e09ecb	Dynamically retrieve the OpenSSL version	4 years ago
Rodolphe Breard	45ca322ea6	Add the HS256, HS384 and HS512 signature algorithms	4 years ago
Rodolphe Breard	30517d8b54	Add the HMAC computation in the HashFunction API	4 years ago
Rodolphe Breard	4eb0423da3	Reformat log messages	4 years ago
Rodolphe Breard	220f580d90	Use libc::time_t instead of i64 The use of i64 causes troubles in architectures that doesn't defines time_t as an i64. Fixes #37	5 years ago
Rodolphe Breard	51cfd49f08	Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.	5 years ago
Rodolphe Breard	bea33179d7	Allow to specify the CSR's digest algorithm	5 years ago
Rodolphe Breard	c5f1e90276	Add the `--crt-digest` option in tacd	5 years ago
Rodolphe Breard	f640688a3b	Refactor the hash function interface	5 years ago
Rodolphe Breard	b08da88bcf	Fix the conditional compilation	5 years ago
Rodolphe Breard	602d8c6cf6	Add the `--crt-signature-alg` option in tacd	5 years ago
Rodolphe Breard	4614d6c407	Add partial EdDSA support Currently, OpenSSL does not have the required `EVP_PKEY_get1_ED(25519\|448)` functions, hence EdDSA has been partially implemented and disabled. Once OpenSSL 3.0.0 is out and the `openssl` crates implements the bindings to those functions, full EdDSA implementation could be done and activated. Conditional compilation has been implemented using `rustc-cfg` instructions rather than features so it can be activated from the build script depending on whether or not the cryptographic library supports Ed25519 and Ed448. `7c664b1f1b`	5 years ago
Rodolphe Breard	25450aebbf	Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738	5 years ago
Rodolphe Breard	387adc7c4f	Remove the useless calls to `map_err`	5 years ago
Rodolphe Breard	582593de29	Allow to specify the account key type and signature alg in the config	5 years ago
Rodolphe Breard	1350257300	Put Ed25519 support in a feature	5 years ago
Rodolphe Breard	636fbf9cf6	Refactor the JWS signature algorithm management Being tied with the key type, the signature algorithm should therefore be at the same place than the key type, hence `acme_common::crypto`. This reorganization will allow to specify the account key type as well as the signature algorithm in the configuration.	5 years ago
Rodolphe Breard	d7dbd58823	Move the hashing operation inside the signing function This hashing operation is part of the signing process itself and should therefore not be exposed outside of the signing function.	5 years ago
Rodolphe Breard	eabcddb0af	Add support for RSA 2048 account keys	5 years ago
Rodolphe Breard	1ab5b4012e	Use the correct algorithm and hash function for JWK signatures Since there is currently no possibility to chose a different account key type, the current implementation only supports the ES256 algorithm. With the upcoming support of different key types, it had to be changed. This commit add support for ES384 although there is no configuration option that can activate the actual use of it through account keys using the NIST P-384 curve.	5 years ago
Rodolphe Breard	501b1aa9d8	Replace `reqwest` by `attohttpc` `reqwest` is a very good crate, however ACMEd does not require most of its functionalities. For this job, `attohttpc` is also great and comes with much less dependencies. rel #1	5 years ago
Rodolphe Breard	a4e0ccfa51	Correctly handle certificate expiration on openssl The `openssl` crate now include methods to manipulate Asn1Time objects. Before this improvement, the certificate had to be parsed from the DER format using the `x509-parser` crate (which is therefore no longer required). https://github.com/sfackler/rust-openssl/pull/1173 https://github.com/sfackler/rust-openssl/issues/687	5 years ago
Rodolphe Breard	39df1601d8	Format code	5 years ago
Rodolphe Breard	996ea85be4	Format code	5 years ago
Rodolphe Breard	b16b2e6b09	Remove the explicit dependency on the time crate	5 years ago
Jakub Pastuszek	155feb345c	always use NAMED_CURVE format for EC key storage; fixes #9	5 years ago
Rodolphe Breard	f1f95c4d99	Display a more precise error message for unknown EC keys	5 years ago
Rodolphe Breard	55f4d3416b	Refactor the JWK implementation	6 years ago
Rodolphe Breard	4ea49512d6	Remove the standalone feature As discussed in #2, ring is not mature enough to replace OpenSSL. Hence, the standalone mode which has been made to implement such a replacement has to be removed until ring becomes usable.	6 years ago
Rodolphe Breard	84102922fa	Move KeyType to a dedicated module	6 years ago
Rodolphe Breard	70df290306	Rewrite the crypto keys abstraction Until now, the crypto key abstraction used two different type: PublicKey and PrivateKey. Unfortunately, it does not work with ring and should therefore be rewrote with a single type: KeyPair.	6 years ago
Rodolphe Breard	94f46d3776	Remove the bad OpenSSL ASN.1 time parsing	6 years ago
Rodolphe Breard	147370caa2	Add the standalone hash implementation	6 years ago
Rodolphe Breard	ea1183c18c	Create an abstraction around the hash functions rel #2	6 years ago
Rodolphe Breard	e42d242868	Remove useless closures	6 years ago
Rodolphe Breard	ff1b6d1aa7	Create an abstraction around the certificate As for public and private keys, the certificate should also be abstracted. rel #2	6 years ago
Rodolphe Breard	63e35712fe	Create an abstraction around public and private keys Since it is planned to add a "standalone" feature that will replace OpenSSL by crates not linking to any external library, it is required to abstract all the OpenSSL specific types. This is a huge work and therefore is divided in several steps. This first one is dedicated to public and private keys. rel #2	6 years ago

1 2

51 Commits (2d9fdb0ce375abdded5177511f1d580c6e06705d)