Commit Graph

  • 602d8c6cf6 Add the `--crt-signature-alg` option in tacd Rodolphe Breard 2020-08-26 14:12:04 +0200
  • 4614d6c407 Add partial EdDSA support Currently, OpenSSL does not have the required `EVP_PKEY_get1_ED(25519|448)` functions, hence EdDSA has been partially implemented and disabled. Once OpenSSL 3.0.0 is out and the `openssl` crates implements the bindings to those functions, full EdDSA implementation could be done and activated. Conditional compilation has been implemented using `rustc-cfg` instructions rather than features so it can be activated from the build script depending on whether or not the cryptographic library supports Ed25519 and Ed448. 7c664b1f1b Rodolphe Breard 2020-08-26 12:42:47 +0200
  • a0f4928a73 Move the account key type and signing algorithm Those options are tied with the account and should therefore be defined in the associated section, not in the endpoint section. Rodolphe Breard 2020-08-25 22:48:56 +0200
  • 9f6f10c67a Fix the case Rodolphe Breard 2020-08-25 21:50:28 +0200
  • 87f97ec334 Improve configuration error messages Rel #24 Rodolphe Breard 2020-08-25 21:34:55 +0200
  • 566d09a618 Warn on empty inclusion patterns Rodolphe Breard 2020-08-25 20:27:17 +0200
  • 573442dbd2 Improve the logging of the renewal decision Rodolphe Breard 2020-08-25 20:08:58 +0200
  • 2f39e798d1 Add Unix style globing for config file inclusion Close #6 Rodolphe Breard 2020-08-25 19:58:30 +0200
  • 25450aebbf Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738 Rodolphe Breard 2020-08-25 18:52:30 +0200
  • 43c9eee202 Remove a few unwrap Rodolphe Breard 2020-08-24 16:25:22 +0200
  • 62db048a46 Allow to define a custom delay for renewal Rodolphe Breard 2020-08-24 15:37:59 +0200
  • 387adc7c4f Remove the useless calls to `map_err` Rodolphe Breard 2020-08-24 12:09:20 +0200
  • 1e70b48a7f Update the Travis CI configuration Rodolphe Breard 2020-08-24 10:37:10 +0200
  • ea02e90292 Fix the JWS tests Rodolphe Breard 2020-08-24 10:30:09 +0200
  • 582593de29 Allow to specify the account key type and signature alg in the config Rodolphe Breard 2020-08-23 20:23:19 +0200
  • 1350257300 Put Ed25519 support in a feature Rodolphe Breard 2020-08-23 10:17:29 +0200
  • 9df6170b76 Update the rustc badge Rodolphe Breard 2020-08-23 10:06:18 +0200
  • 636fbf9cf6 Refactor the JWS signature algorithm management Being tied with the key type, the signature algorithm should therefore be at the same place than the key type, hence `acme_common::crypto`. This reorganization will allow to specify the account key type as well as the signature algorithm in the configuration. Rodolphe Breard 2020-08-22 19:27:59 +0200
  • d7dbd58823 Move the hashing operation inside the signing function This hashing operation is part of the signing process itself and should therefore not be exposed outside of the signing function. Rodolphe Breard 2020-08-22 11:27:44 +0200
  • 2403633d07 Replace an incorrect term in the README by the correct one Rodolphe Breard 2020-08-22 10:48:46 +0200
  • eabcddb0af Add support for RSA 2048 account keys Rodolphe Breard 2020-08-21 18:20:07 +0200
  • 42cf2d792b Update the README's FAQ Closes #34 and closes #35 Rodolphe Breard 2020-08-20 17:43:54 +0200
  • 0d2baad941
    doc: Improvements to the RSA-2048 section #35 Brennan Kinney 2020-08-18 22:17:45 +1200
  • 1ab5b4012e Use the correct algorithm and hash function for JWK signatures Since there is currently no possibility to chose a different account key type, the current implementation only supports the ES256 algorithm. With the upcoming support of different key types, it had to be changed. This commit add support for ES384 although there is no configuration option that can activate the actual use of it through account keys using the NIST P-384 curve. Rodolphe Breard 2020-08-17 18:09:36 +0200
  • 9246550551 Update the CONTRIBUTING.md file Rodolphe Breard 2020-08-17 16:58:00 +0200
  • 88f83bafe4 Prepare the Cargo.toml files for a different crypto library Rodolphe Breard 2020-08-15 21:00:55 +0200
  • a5b59e7ba1 Refactor the Makefile The previous version of the Makefile used features which are specific to GNU Make and therefore does not works on BSD systems. This new version, which is much more simpler, works both on GNU Make and BSD Make (tested on FreeBSD 12.1). Rodolphe Breard 2020-08-02 13:14:24 +0200
  • f2e23b20fd ACMEd v0.9.0 v0.9.0 Rodolphe Breard 2020-08-01 17:49:45 +0200
  • c91cb82f07 Move the example service file into the contrib directory Rodolphe Breard 2020-08-01 17:44:32 +0200
  • d7693fc95f Update the change log Rodolphe Breard 2020-08-01 17:31:57 +0200
  • 3c21019cb5 Update the nix that dependabot forgot Rodolphe Breard 2020-07-27 21:05:29 +0200
  • d75b332d0d
    Merge pull request #32 from breard-r/dependabot/cargo/nix-0.18 Rodolphe Bréard 2020-07-27 20:42:24 +0200
  • 62026d82e3
    Merge pull request #31 from magiclen/master Rodolphe Bréard 2020-07-27 20:39:19 +0200
  • c8a2b3d37f
    Update nix requirement from 0.17 to 0.18 #32 dependabot-preview[bot] 2020-07-27 04:30:51 +0000
  • b25d01823a Fix the conflicts_with setting of the `acme-ext-file` option #31 Magic Len 2020-07-27 07:36:47 +0800
  • 09d01eefb5 Remove openssl calls from the acmed crate The TLS library is encapsulated by acme_common. Rodolphe Breard 2020-06-29 20:29:34 +0200
  • 501b1aa9d8 Replace `reqwest` by `attohttpc` Rodolphe Breard 2020-06-29 20:00:49 +0200
  • 094a9cea4e Update the CONTRIBUTING.md file Rodolphe Breard 2020-06-28 11:52:54 +0200
  • c8c4c7c919 Require Rust 1.40 The base64 does not compile on Rust 1.39 anymore. https://travis-ci.org/github/breard-r/acmed/builds/700636061 Rodolphe Breard 2020-06-21 21:15:28 +0200
  • 22d5081a3b Move the docker build script into a `contrib` directory rel #23 Rodolphe Breard 2020-06-21 20:32:32 +0200
  • 669f13dbce
    Merge pull request #23 from dbrgn/docker-build Rodolphe Bréard 2020-06-21 20:29:53 +0200
  • 1297c6547f Update the acmed.toml man page Rodolphe Breard 2020-06-12 18:02:48 +0200
  • 803ff6f16d List new planned features in the README Rodolphe Breard 2020-06-12 17:48:27 +0200
  • d2b46b538a Add the link to a relevant PR in the CONTRIBUTING.md file Rodolphe Breard 2020-06-12 17:47:47 +0200
  • ff1500d15d Fix issue link Rodolphe Breard 2020-06-12 12:28:32 +0200
  • a4e0ccfa51 Correctly handle certificate expiration on openssl The `openssl` crate now include methods to manipulate Asn1Time objects. Before this improvement, the certificate had to be parsed from the DER format using the `x509-parser` crate (which is therefore no longer required). https://github.com/sfackler/rust-openssl/pull/1173 https://github.com/sfackler/rust-openssl/issues/687 Rodolphe Breard 2020-06-12 12:24:55 +0200
  • cb5309ca00 Update the contribution suggestions on dependencies Rodolphe Breard 2020-06-12 11:42:16 +0200
  • da12bf93ba Add support for user and groups names Rodolphe Breard 2020-06-12 11:27:31 +0200
  • 21a133a778 Fix the Travis-CI configuration Rodolphe Breard 2020-06-12 11:16:53 +0200
  • 6a7c33d9cc Improve the FAQ readability Rodolphe Breard 2020-06-12 10:57:54 +0200
  • 942d0a9ba7 ACMEd v0.8.0 v0.8.0 Rodolphe Breard 2020-06-12 10:03:52 +0200
  • 5a06631e05 Cleanup the code Rodolphe Breard 2020-06-12 00:07:42 +0200
  • 41f2bda7d3 Format the code correctly Rodolphe Breard 2020-06-11 23:49:38 +0200
  • c498cadb14 Add threads based on endpoints Each endpoint can safely renew its certificates at the same time as other endpoints. Hence, this operation is now done within a new thread for each endpoint. Rodolphe Breard 2020-06-11 23:48:47 +0200
  • ef74e6c542 Update the README Rodolphe Breard 2020-06-11 22:40:27 +0200
  • 3c3dbc3c6c Update the minimal Rust version ACMEd can no longer compile on Rust 1.28 and lower because of the `ucd-trie` dependency. Rodolphe Breard 2020-06-11 21:37:00 +0200
  • 2222b99226 Bring the rate limit back Rodolphe Breard 2020-06-11 20:30:51 +0200
  • d80ad4af9d Merge branch 'master' of github.com:breard-r/acmed Rodolphe Breard 2020-06-11 19:07:08 +0200
  • 26ce6fdf40 Refactor the HTTP back-end Rodolphe Breard 2020-06-11 19:05:34 +0200
  • 7ed6be48db Update the x509-parser dependency Rodolphe Breard 2020-06-10 16:43:09 +0200
  • bfac454b92 Update the syslog dependency Rodolphe Breard 2020-06-10 16:39:43 +0200
  • b288f2b32c Add an independent endpoint structure Having the data relative to the endpoint in the certificate structure makes no sense. There is no way to share it across certificates which is sometimes needed. Also, having the other part of the endpoint data (mostly nonce and rate limit) in different places makes it difficult to maintain. Hence, the endpoint structure has been created. For now it is quite simple and does not handle every aspects of the endpoint, but this will be implemented in the future. Rodolphe Breard 2020-05-31 14:00:26 +0200
  • 5a3d249c44
    Merge pull request #27 from dbrgn/log-domains Rodolphe Bréard 2020-05-31 11:54:12 +0200
  • 49eccdcf82
    Merge pull request #30 from dbrgn/systemd Rodolphe Bréard 2020-05-31 11:46:07 +0200
  • c09a860590
    Merge pull request #28 from dbrgn/doc-cert-identification Rodolphe Bréard 2020-05-31 11:41:58 +0200
  • 52973b4b9e Remove the PID file after exit Fix #25 Rodolphe Breard 2020-05-29 13:12:30 +0200
  • 70db8e6dd9 Prevent unnecessary creation of a PID file When running in foreground, a PID file should be created only if the `--pid-file` option is specified. Rel #25 Rodolphe Breard 2020-05-29 13:00:20 +0200
  • eccac72460 Fix the default PID file name Rodolphe Breard 2020-05-29 12:48:29 +0200
  • 3603979ad2
    Merge pull request #26 from dbrgn/manpage-fixes Rodolphe Bréard 2020-05-29 12:25:15 +0200
  • fad514c1ee Add example systemd service file #30 Danilo Bargen 2020-05-29 03:08:48 +0200
  • 70d013254f Document how certificates are identified #28 Danilo Bargen 2020-05-29 01:38:56 +0200
  • 3e49c938ea Remove trailing period from logs #27 Danilo Bargen 2020-05-29 01:29:09 +0200
  • 972dd4d4be Log certificate domains before and after renewal Danilo Bargen 2020-05-29 01:14:10 +0200
  • bd3b7cc086 acmed.toml(5): Grammar fixes #26 Danilo Bargen 2020-05-29 01:02:19 +0200
  • 78683c5932 acmed.toml(5): Fix config key: hook_type -> type Danilo Bargen 2020-05-29 01:02:02 +0200
  • 9d36340374 Add build-docker.sh script #23 Danilo Bargen 2020-05-28 22:55:20 +0200
  • 2cec2e1594
    Update the travis-ci configuration Rodolphe Bréard 2020-05-12 11:12:37 +0200
  • 43127c8f80
    Update the Alpine Linux build instructions Rodolphe Bréard 2020-05-12 11:11:26 +0200
  • 51fabb38ea Remove threads Rodolphe Breard 2020-04-23 10:33:26 +0200
  • 2427d8eba4
    Merge pull request #22 from YanTHIERY/alpine Rodolphe Bréard 2020-04-16 18:55:41 +0200
  • 4b51b40a44 `Make install` now work with the busybox toolchain. #22 rollniak 2020-04-16 18:24:37 +0200
  • 6018e5da61 Add Alpine Linux instructions in the README Rodolphe Breard 2020-04-16 16:33:31 +0200
  • ebb5979f12 Add documentation about the system user Rodolphe Breard 2020-03-16 17:44:20 +0100
  • 8be37b7fc6 ACMEd v0.7.0 v0.7.0 Rodolphe Breard 2020-03-12 20:19:12 +0100
  • ffe1413113
    Update http_req requirement from 0.5 to 0.6 #19 dependabot-preview[bot] 2020-03-12 19:09:27 +0000
  • 39430009ac Add internationalized domain names support Rodolphe Breard 2020-03-12 19:55:47 +0100
  • 6d28742632 Add Rust 1.41.1 to the tests since 1.42.0 has been released Rodolphe Breard 2020-03-12 16:22:12 +0100
  • f5bdd08105 RFC 8737 has been released Rodolphe Breard 2020-03-12 12:33:17 +0100
  • 9eda92662d Allow --pid-file to be used with --foreground The PID file is now always written whether or not ACMEd is running in the foreground. Previously, it was written only when running in the background. Fix #7 Rodolphe Breard 2020-03-12 12:13:13 +0100
  • 39df1601d8 Format code Rodolphe Breard 2020-03-11 21:18:48 +0100
  • 9a436fc35f Remove superfluous characters in JSON In some situations, it has been found that a specific ACME server returns extra characters before and after the JSON, which is therefore invalid. Although this must be fixed in the server, ACMEd should gracefully ignore such erroneous characters instead of refusing the response. Rodolphe Breard 2020-03-11 21:10:36 +0100
  • e338469b7a Fix the type of the externalAccountRequired field Rodolphe Breard 2020-03-11 20:57:27 +0100
  • e6ff3b97ba Replace * by _ in file names Rodolphe Breard 2020-03-11 20:56:07 +0100
  • 6255587329 Display certificate TTL in days instead of seconds Rodolphe Breard 2020-03-11 20:21:37 +0100
  • 996ea85be4 Format code Rodolphe Breard 2020-03-11 17:11:53 +0100
  • 550348009b
    Merge pull request #11 from jpastuszek/wildcard_certs Rodolphe Bréard 2020-03-11 17:10:10 +0100
  • 7d227bbbc6
    Merge pull request #10 from jpastuszek/named_curve Rodolphe Bréard 2020-03-11 16:49:41 +0100
  • 4904d01e2d Update the base64 dependency Rodolphe Breard 2020-03-11 15:39:11 +0100
  • 101d6bbd4e Update the nix dependency in acme_common Rodolphe Breard 2020-03-11 15:37:35 +0100
  • b16b2e6b09 Remove the explicit dependency on the time crate Rodolphe Breard 2020-03-11 15:36:19 +0100