Rodolphe Breard
b08da88bcf
Fix the conditional compilation
4 years ago
Rodolphe Breard
602d8c6cf6
Add the `--crt-signature-alg` option in tacd
4 years ago
Rodolphe Breard
4614d6c407
Add partial EdDSA support
Currently, OpenSSL does not have the required
`EVP_PKEY_get1_ED(25519|448)` functions, hence EdDSA has been partially
implemented and disabled. Once OpenSSL 3.0.0 is out and the `openssl`
crates implements the bindings to those functions, full EdDSA
implementation could be done and activated.
Conditional compilation has been implemented using `rustc-cfg`
instructions rather than features so it can be activated from the build
script depending on whether or not the cryptographic library supports
Ed25519 and Ed448.
7c664b1f1b
4 years ago
Rodolphe Breard
a0f4928a73
Move the account key type and signing algorithm
Those options are tied with the account and should therefore be defined
in the associated section, not in the endpoint section.
4 years ago
Rodolphe Breard
9f6f10c67a
Fix the case
4 years ago
Rodolphe Breard
87f97ec334
Improve configuration error messages
Rel #24
4 years ago
Rodolphe Breard
566d09a618
Warn on empty inclusion patterns
4 years ago
Rodolphe Breard
573442dbd2
Improve the logging of the renewal decision
4 years ago
Rodolphe Breard
2f39e798d1
Add Unix style globing for config file inclusion
Close #6
4 years ago
Rodolphe Breard
25450aebbf
Implement IP identifiers
RFC 8738: https://tools.ietf.org/html/rfc8738
4 years ago
Rodolphe Breard
43c9eee202
Remove a few unwrap
4 years ago
Rodolphe Breard
62db048a46
Allow to define a custom delay for renewal
4 years ago
Rodolphe Breard
387adc7c4f
Remove the useless calls to `map_err`
4 years ago
Rodolphe Breard
1e70b48a7f
Update the Travis CI configuration
4 years ago
Rodolphe Breard
ea02e90292
Fix the JWS tests
4 years ago
Rodolphe Breard
582593de29
Allow to specify the account key type and signature alg in the config
4 years ago
Rodolphe Breard
1350257300
Put Ed25519 support in a feature
4 years ago
Rodolphe Breard
9df6170b76
Update the rustc badge
4 years ago
Rodolphe Breard
636fbf9cf6
Refactor the JWS signature algorithm management
Being tied with the key type, the signature algorithm should therefore
be at the same place than the key type, hence `acme_common::crypto`.
This reorganization will allow to specify the account key type as well
as the signature algorithm in the configuration.
4 years ago
Rodolphe Breard
d7dbd58823
Move the hashing operation inside the signing function
This hashing operation is part of the signing process itself and should
therefore not be exposed outside of the signing function.
4 years ago
Rodolphe Breard
2403633d07
Replace an incorrect term in the README by the correct one
4 years ago
Rodolphe Breard
eabcddb0af
Add support for RSA 2048 account keys
4 years ago
Rodolphe Breard
42cf2d792b
Update the README's FAQ
Closes #34 and closes #35
4 years ago
Rodolphe Breard
1ab5b4012e
Use the correct algorithm and hash function for JWK signatures
Since there is currently no possibility to chose a different account key
type, the current implementation only supports the ES256 algorithm. With
the upcoming support of different key types, it had to be changed. This
commit add support for ES384 although there is no configuration option
that can activate the actual use of it through account keys using the
NIST P-384 curve.
4 years ago
Rodolphe Breard
9246550551
Update the CONTRIBUTING.md file
rel #2 and #33
4 years ago
Rodolphe Breard
88f83bafe4
Prepare the Cargo.toml files for a different crypto library
4 years ago
Rodolphe Breard
a5b59e7ba1
Refactor the Makefile
The previous version of the Makefile used features which are specific to
GNU Make and therefore does not works on BSD systems. This new version,
which is much more simpler, works both on GNU Make and BSD Make (tested
on FreeBSD 12.1).
4 years ago
Rodolphe Breard
f2e23b20fd
ACMEd v0.9.0
4 years ago
Rodolphe Breard
c91cb82f07
Move the example service file into the contrib directory
4 years ago
Rodolphe Breard
d7693fc95f
Update the change log
4 years ago
Rodolphe Breard
3c21019cb5
Update the nix that dependabot forgot
4 years ago
Rodolphe Bréard
d75b332d0d
Merge pull request #32 from breard-r/dependabot/cargo/nix-0.18
Update nix requirement from 0.17 to 0.18
4 years ago
Rodolphe Bréard
62026d82e3
Merge pull request #31 from magiclen/master
Fix the conflicts_with setting of the `acme-ext-file` option
4 years ago
dependabot-preview[bot]
c8a2b3d37f
Update nix requirement from 0.17 to 0.18
Updates the requirements on [nix](https://github.com/nix-rust/nix ) to permit the latest version.
- [Release notes](https://github.com/nix-rust/nix/releases )
- [Changelog](https://github.com/nix-rust/nix/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nix-rust/nix/compare/v0.17.0...v0.18.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
4 years ago
Magic Len
b25d01823a
Fix the conflicts_with setting of the `acme-ext-file` option
4 years ago
Rodolphe Breard
09d01eefb5
Remove openssl calls from the acmed crate
The TLS library is encapsulated by acme_common.
4 years ago
Rodolphe Breard
501b1aa9d8
Replace `reqwest` by `attohttpc`
`reqwest` is a very good crate, however ACMEd does not require most of
its functionalities. For this job, `attohttpc` is also great and comes
with much less dependencies.
rel #1
4 years ago
Rodolphe Breard
094a9cea4e
Update the CONTRIBUTING.md file
4 years ago
Rodolphe Breard
c8c4c7c919
Require Rust 1.40
The base64 does not compile on Rust 1.39 anymore.
https://travis-ci.org/github/breard-r/acmed/builds/700636061
4 years ago
Rodolphe Breard
22d5081a3b
Move the docker build script into a `contrib` directory
rel #23
4 years ago
Rodolphe Bréard
669f13dbce
Merge pull request #23 from dbrgn/docker-build
Add build-docker.sh script
4 years ago
Rodolphe Breard
1297c6547f
Update the acmed.toml man page
4 years ago
Rodolphe Breard
803ff6f16d
List new planned features in the README
4 years ago
Rodolphe Breard
d2b46b538a
Add the link to a relevant PR in the CONTRIBUTING.md file
4 years ago
Rodolphe Breard
ff1500d15d
Fix issue link
4 years ago
Rodolphe Breard
a4e0ccfa51
Correctly handle certificate expiration on openssl
The `openssl` crate now include methods to manipulate Asn1Time objects.
Before this improvement, the certificate had to be parsed from the DER
format using the `x509-parser` crate (which is therefore no longer
required).
https://github.com/sfackler/rust-openssl/pull/1173
https://github.com/sfackler/rust-openssl/issues/687
4 years ago
Rodolphe Breard
cb5309ca00
Update the contribution suggestions on dependencies
4 years ago
Rodolphe Breard
da12bf93ba
Add support for user and groups names
4 years ago
Rodolphe Breard
21a133a778
Fix the Travis-CI configuration
4 years ago
Rodolphe Breard
6a7c33d9cc
Improve the FAQ readability
4 years ago