acmed

Commit Graph

Author	SHA1	Message	Date
Rodolphe Breard	f44d95e7b1	Remove the -D option from install In the Makefile, `make install` is used to create missing directories and install files into them. Until now, the -D option was used for this job. However, FreeBSD as an implementation of the install command that differs about this option. In order to remain compatible with FreeBSD, the -D option has been removed and replace by prior directory creation using the -d option, which is common to (most?) implementations. https://www.freebsd.org/cgi/man.cgi?query=install https://man.openbsd.org/install https://linux.die.net/man/1/install	4 years ago
Rodolphe Breard	b340ac778d	Make the account hooks optional	4 years ago
Rodolphe Breard	dc0603b9e7	Update the Travis CI configuration The `dist: xenial` has been added because, at the time, build was done using an old version of Ubuntu including an unsupported version of OpenSSL. Now that Xenial is the default build version, this option should be removed. See commit `261e0e50fd`	4 years ago
Rodolphe Breard	220f580d90	Use libc::time_t instead of i64 The use of i64 causes troubles in architectures that doesn't defines time_t as an i64. Fixes #37	4 years ago
Rodolphe Breard	04841e1773	Fix the account key rollover	4 years ago
Rodolphe Breard	8b2a32d671	Re-create accounts dropped by the endpoint The previous commit added a small regression: if an account has been dropped by the endpoint, it was not re-created. This commit fixes this.	4 years ago
Rodolphe Breard	9b12e88ae1	Allow accounts to be updated The previous strategy for accounts management on endpoints was to send an account creation request every time in order to retrieve the account URL. Although it works on most cases, the contact information or key update wasn't handled correctly. The only drawback of this new way of managing accounts is that, if the endpoints drops the account, ACMEd will fail to renew any certificate for this account on this endpoint. Previously, it would have simply created a new account. This should be fixed soon.	4 years ago
Rodolphe Breard	a9603528f4	Add questions about parallelization in the FAQ	4 years ago
Rodolphe Breard	51cfd49f08	Refactor the account management Until now, the account management was archaic and it was impossible to improve it without this heavy refactoring. Accounts are now disjoint from both certificates and endpoints. They have their own hooks and their own environment variables. They are stored in a binary file instead of the PEM exports of the private and public keys. This refactoring will allow account management to evolve into something more serious, with real key rollover, contact information update and so on.	4 years ago
Rodolphe Breard	32c1e986af	Fix invalid link in the CONTRIBUTING file	4 years ago
Rodolphe Breard	04a95dad26	Update the CONTRIBUTING file	4 years ago
Rodolphe Breard	69739d4703	Create a dedicated FileManager struct The certificate struct was bloated with file management data which therefore required the certificate to be passed in every storage function. In order to clean this, a new FileManager struct has been created.	4 years ago
Rodolphe Breard	3b7f41a7e8	Update the README	4 years ago
Rodolphe Breard	f126ee22d0	ACMEd v0.10.0	4 years ago
Rodolphe Breard	64e7d80f7c	Improve the CHANGELOG	4 years ago
Rodolphe Breard	a1ff1f6181	Raise a descriptive error for invalid identifier specifications An identifier must have one and only one type field (`dns` or `ip`). Rel #24	4 years ago
Rodolphe Breard	53d55af96e	Improve the FAQ	4 years ago
Rodolphe Breard	96cc42375e	Improve the FAQ	4 years ago
Rodolphe Breard	52fe2c60ba	Refactor the certificate key type management The previous system used a duplicated enum (`acmed::certificate::Algorithm`) and an imprecise identifier name (algorithm) for both the certificate configuration and post operation hook variable. The first one has been replaced by the `acme_common::crypto::KeyType` enum and the second renames `key_type`.	4 years ago
Rodolphe Breard	bea33179d7	Allow to specify the CSR's digest algorithm	4 years ago
Rodolphe Breard	e17e6d1174	Add the PID file name in the error message Rel #24	4 years ago
Rodolphe Breard	3ee3419676	Add missing commas	4 years ago
Rodolphe Breard	7292cc68ca	Fix the certificate generation tests	4 years ago
Rodolphe Breard	c5f1e90276	Add the `--crt-digest` option in tacd	4 years ago
Rodolphe Breard	f640688a3b	Refactor the hash function interface	4 years ago
Rodolphe Breard	c7263703d1	Improve the CLI Some default values were missing. Some descriptions has been rephrased.	4 years ago
Rodolphe Breard	b08da88bcf	Fix the conditional compilation	4 years ago
Rodolphe Breard	602d8c6cf6	Add the `--crt-signature-alg` option in tacd	4 years ago
Rodolphe Breard	4614d6c407	Add partial EdDSA support Currently, OpenSSL does not have the required `EVP_PKEY_get1_ED(25519\|448)` functions, hence EdDSA has been partially implemented and disabled. Once OpenSSL 3.0.0 is out and the `openssl` crates implements the bindings to those functions, full EdDSA implementation could be done and activated. Conditional compilation has been implemented using `rustc-cfg` instructions rather than features so it can be activated from the build script depending on whether or not the cryptographic library supports Ed25519 and Ed448. `7c664b1f1b`	4 years ago
Rodolphe Breard	a0f4928a73	Move the account key type and signing algorithm Those options are tied with the account and should therefore be defined in the associated section, not in the endpoint section.	4 years ago
Rodolphe Breard	9f6f10c67a	Fix the case	4 years ago
Rodolphe Breard	87f97ec334	Improve configuration error messages Rel #24	4 years ago
Rodolphe Breard	566d09a618	Warn on empty inclusion patterns	4 years ago
Rodolphe Breard	573442dbd2	Improve the logging of the renewal decision	4 years ago
Rodolphe Breard	2f39e798d1	Add Unix style globing for config file inclusion Close #6	4 years ago
Rodolphe Breard	25450aebbf	Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738	4 years ago
Rodolphe Breard	43c9eee202	Remove a few unwrap	4 years ago
Rodolphe Breard	62db048a46	Allow to define a custom delay for renewal	4 years ago
Rodolphe Breard	387adc7c4f	Remove the useless calls to `map_err`	4 years ago
Rodolphe Breard	1e70b48a7f	Update the Travis CI configuration	4 years ago
Rodolphe Breard	ea02e90292	Fix the JWS tests	4 years ago
Rodolphe Breard	582593de29	Allow to specify the account key type and signature alg in the config	4 years ago
Rodolphe Breard	1350257300	Put Ed25519 support in a feature	4 years ago
Rodolphe Breard	9df6170b76	Update the rustc badge	4 years ago
Rodolphe Breard	636fbf9cf6	Refactor the JWS signature algorithm management Being tied with the key type, the signature algorithm should therefore be at the same place than the key type, hence `acme_common::crypto`. This reorganization will allow to specify the account key type as well as the signature algorithm in the configuration.	4 years ago
Rodolphe Breard	d7dbd58823	Move the hashing operation inside the signing function This hashing operation is part of the signing process itself and should therefore not be exposed outside of the signing function.	4 years ago
Rodolphe Breard	2403633d07	Replace an incorrect term in the README by the correct one	4 years ago
Rodolphe Breard	eabcddb0af	Add support for RSA 2048 account keys	4 years ago
Rodolphe Breard	42cf2d792b	Update the README's FAQ Closes #34 and closes #35	4 years ago
Rodolphe Breard	1ab5b4012e	Use the correct algorithm and hash function for JWK signatures Since there is currently no possibility to chose a different account key type, the current implementation only supports the ES256 algorithm. With the upcoming support of different key types, it had to be changed. This commit add support for ES384 although there is no configuration option that can activate the actual use of it through account keys using the NIST P-384 curve.	4 years ago

1 2 3 4 5 ...

284 Commits (f44d95e7b1637b4a20581de35cb52c35d955bac4) All Branches Search

284 Commits (f44d95e7b1637b4a20581de35cb52c35d955bac4)

All Branches