Tree: ffa4485c27

dependabot/add-v2-config-file

dependabot/cargo/anyhow-1.0.81

dependabot/cargo/async-process-2.1.0

dependabot/cargo/clap-4.5.3

dependabot/cargo/log-0.4.21

dependabot/cargo/nix-0.28.0

dependabot/cargo/openssl-0.10.64

dependabot/cargo/reqwest-0.11.27

dependabot/cargo/serde-1.0.197

dependabot/cargo/serde_json-1.0.114

dependabot/cargo/thiserror-1.0.58

main

v0.1.0

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.2.0

v0.2.1

v0.20.0

v0.21.0

v0.22.0

v0.22.1

v0.22.2

v0.23.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.6.1

v0.7.0

v0.8.0

v0.9.0

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from 'ffa4485c27'

${ noResults }

Commit Graph

76 Commits (ffa4485c276d1a6bf0ae0c95643a10642a3b1c9b)

Author	SHA1	Message	Date
Rodolphe Breard	ffa4485c27	Updating nom to the latest stable version	5 years ago
Rodolphe Breard	d186f5c10a	Define the default algo in acme_common Because ring does not currently support RSA keys generation, the default algo must be adapted depending on whether or not the standalone feature is activated.	6 years ago
Rodolphe Breard	11771469d1	Fix the CSR	6 years ago
Rodolphe Breard	51c8d6a0b7	Prepare the build tools for the standalone feature	6 years ago
Rodolphe Breard	ea1183c18c	Create an abstraction around the hash functions rel #2	6 years ago
Rodolphe Breard	ff1b6d1aa7	Create an abstraction around the certificate As for public and private keys, the certificate should also be abstracted. rel #2	6 years ago
Rodolphe Breard	63e35712fe	Create an abstraction around public and private keys Since it is planned to add a "standalone" feature that will replace OpenSSL by crates not linking to any external library, it is required to abstract all the OpenSSL specific types. This is a huge work and therefore is divided in several steps. This first one is dedicated to public and private keys. rel #2	6 years ago
Rodolphe Breard	f2be8baebe	ACMEd 0.6.0	6 years ago
Rodolphe Breard	78738c16a6	Update dependencies	6 years ago
Rodolphe Breard	1e6aba52dc	Add rate limits for HTTPS requests	6 years ago
Rodolphe Breard	dfed0d9c0b	Remove some useless stuff from the default config file	6 years ago
Rodolphe Breard	1cffa14c20	Renew certificates in parallel	6 years ago
Rodolphe Breard	08c9410028	Improve the logging format In order to renew different certificate at the same time, log messages must display which certificate they are referring to.	6 years ago
Rodolphe Breard	cd5f8d9e0d	Improve some comments Sometimes, grep is used to find the TODO comments. Without the proper explanation, it is hard to know what it refers to (-C / --context may produce a too large output).	6 years ago
Rodolphe Breard	4303ed61d7	Allow to give a file path in a hook's stdin There is use-cases where a command's standard input should be filled with a file's content. In order to stay consistent with the names of the other fields, `stdin` is now the field which accepts such a path. `stdin_str` has been created in order to also support the use of a raw string.	6 years ago
Rodolphe Breard	89660b6cd2	Improve the --version option	6 years ago
Rodolphe Breard	75f79bcef5	Clean the hooks right after the current challenge has been validated Cleaning hooks after the certificate has been retrieved is a mistake since a failure somewhere in the process will prevent all called hook to be cleaned. With the current implementation, only the currently failed hook is left without being cleaned.	6 years ago
Rodolphe Breard	b31a689b26	Fix the http-01-echo default hook	6 years ago
Rodolphe Breard	9c497994d8	Add an option to stop or continue after a failed hook	6 years ago
Rodolphe Breard	6177fffb7e	ACMEd 0.5.0	6 years ago
Rodolphe Breard	c06cb6aad7	Add env variable definition in the global section	6 years ago
Rodolphe Breard	d24c78ee17	Allow to configure per-domain environment variables	6 years ago
Rodolphe Breard	626921271b	Fix the tls-alpn-01-tacd-unix hook name	6 years ago
Rodolphe Breard	8d9ef17e1c	Allow to configure environment variables for a given certificate Sometimes, you want hooks to use different parameters depending on the certificate. In order to achieve this, it is now now possible to configure environment variables at certificate scope. Thanks to this, the default hooks have been rewrote in order to use cover more use cases.	6 years ago
Rodolphe Breard	03850d20e6	Add environment variables to hook templates	6 years ago
Rodolphe Breard	b7c3e4d381	Add default hooks	6 years ago
Rodolphe Breard	7eed211434	Allow the config file to include other files	6 years ago
Rodolphe Breard	2eff6cd799	Display a warning when fetching order or an authorization Orders and authorization can both contain an error which can, for example, help an user to fix a broken hook. It is therefore very useful to display it. Plus, when pooling one of those objects, having an error does not mean we should stop pooling since the error may be temporary.	6 years ago
Rodolphe Breard	d1d393f7a6	ACMEd 0.4.0	6 years ago
Rodolphe Breard	cd391ffdaf	Fix the OpenSSL time parsing ACMEd was not able to parse some possible time representation, which could cause a certificate not being renewed at all. This commit support all current known outputs. https://github.com/openssl/openssl/blob/master/crypto/asn1/a_time.c	6 years ago
Rodolphe Breard	d0783970c8	Renew a certificate that does not include all domains At some point, someone may add new domains to an existing certificate. In such case, this certificate should be renewed as soon as possible instead of upon expiration.	6 years ago
Rodolphe Breard	a59a909cc6	Format code	6 years ago
Rodolphe Breard	a0e3c80e51	Add the is_clean_hook variable to challenge hooks	6 years ago
Rodolphe Breard	2d5e3969e1	Add the is_success variable to post-operation hooks	6 years ago
Rodolphe Breard	5e252d8b17	Forbid unknown configuration fields If a configuration field has a typo in its name, the configuration should show an error message instead of silently ignoring this field, which could create unwanted behavior.	6 years ago
Rodolphe Breard	548f96e18c	Remove the undocumented ChallengeHookData::algorithm field	6 years ago
Rodolphe Breard	04fe98be75	Fix the example config file	6 years ago
Rodolphe Breard	163bb86d5d	Remove the now unused challenge field in the example config file	6 years ago
Rodolphe Breard	0e15cc69e4	Fix the syntax error in the example configuration file	6 years ago
Rodolphe Breard	80e91cecd1	v0.3.0	6 years ago
Rodolphe Breard	644484cb31	Change the hook and domains definitions The previous system was too limited when it comes to flexibility using hooks. This limitation came from the false idea that, for a given certificate, all challenges must be validated with the same method. In order to prove that false, domains in a certificate can now make use of any challenge type available. In order to be more flexible, hooks are now given a type and are defined in the same registry (instead of 6). Each one will be called when considered relevant based on its type.	6 years ago
Rodolphe Breard	447d1f848f	Add an option to specify new trusted root certificates Sometimes, it is not possible to use certificates signed by a known certificate authority. Hence, in order to prevent a TLS error, it is required to explicitly add a new trusted root certificate. This is the case with Pebble, which provides the certificate. https://github.com/letsencrypt/pebble#avoiding-client-https-errors	6 years ago
Rodolphe Breard	b8aa782dd2	Use the native openssl methods for SAN construction The openssl crate does support having multiple DNS entries in the SAN extension, there is no need to re-implement it.	6 years ago
Rodolphe Breard	eb7bc09134	Move the logs to the acme_common lib	6 years ago
Rodolphe Breard	d549c3db5a	Move the daemonize role to acme_common	6 years ago
Rodolphe Breard	a0d8944682	Move common items to a dedicated lib In a near future, ACMEd will be composed of several binaries which will use some common functions and structures.	6 years ago
Rodolphe Breard	406bcd94d5	Update the README path	6 years ago
Rodolphe Breard	0a7deb4cdc	Add tls-alpn-01 challenge support Although the standardization is still a draft, this challenge is already supported by Let's Encrypt. https://datatracker.ietf.org/doc/draft-ietf-acme-tls-alpn/	6 years ago
Rodolphe Breard	84d2c94bad	Use the base64-encoded account name for file names The account public and private keys are stored in files with names derives from the account name itself. Because the account name may contain characters incompatible with a file name, it needs to be sanitized. Additionally, the account files does not need to be publicly accessed, therefore their name should only be deterministic. This last property allows to use a simple solution for sanitation: encode the name in base64. This way, it is deterministic, unique for each account and only contains safe characters. Note the base64 variant used is, as for the ACME protocol, the one with the URL and filename safe alphabet https://tools.ietf.org/html/rfc4648#section-5	6 years ago
Rodolphe Breard	2c7b716584	Retry request rejected with a recoverable error Some errors, like the badNonce one, are recoverable. Hence, the client is expected to retry. ACMEd will now re-send the associated request until it succeed or the max retries number is reached. Each retry is preceded by a small waiting time in order to let the server recover in case it was faulty.	6 years ago