This project provides binaries without any link to Rust or Cargo. It is
just normal binaries that appears to be written in Rust. Therefore, it
does not makes any sense to distribute them in a Rust-specific registry.
Furthermore, such publication would not include the man pages
installation may not respect some distribution-specific policies.
If several certificates uses the same account and this account doesn't
exists yet, they will both try to create it, resulting in a race
condition. This commit solves the problem by creating the account key
pair at startup. Account creation on the endpoint is not subject to a
race condition since the request does not differ from the one used to
retrieve the account id.
Fix#3
As discussed in #2, ring is not mature enough to replace OpenSSL. Hence,
the standalone mode which has been made to implement such a replacement
has to be removed until ring becomes usable.
Until now, the crypto key abstraction used two different type: PublicKey
and PrivateKey. Unfortunately, it does not work with ring and should
therefore be rewrote with a single type: KeyPair.
Because ring does not currently support RSA keys generation, the default
algo must be adapted depending on whether or not the standalone feature
is activated.
Since it is planned to add a "standalone" feature that will replace
OpenSSL by crates not linking to any external library, it is required to
abstract all the OpenSSL specific types. This is a huge work and
therefore is divided in several steps. This first one is dedicated to
public and private keys.
rel #2
Sometimes, grep is used to find the TODO comments. Without the proper
explanation, it is hard to know what it refers to (-C / --context may
produce a too large output).
There is use-cases where a command's standard input should be filled
with a file's content. In order to stay consistent with the names of the
other fields, `stdin` is now the field which accepts such a path.
`stdin_str` has been created in order to also support the use of a raw
string.
Cleaning hooks after the certificate has been retrieved is a mistake
since a failure somewhere in the process will prevent all called hook to
be cleaned. With the current implementation, only the currently failed
hook is left without being cleaned.
Sometimes, you want hooks to use different parameters depending on the
certificate. In order to achieve this, it is now now possible to
configure environment variables at certificate scope.
Thanks to this, the default hooks have been rewrote in order to use
cover more use cases.