Mirror
/
acmed
mirror of https://github.com/breard-r/acmed.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Commit Graph

  • 914bdf8a8d
         Update nix requirement from 0.18 to 0.19 #40 dependabot-preview[bot] 2020-10-13 04:27:27 +0000
  • cdc8f79853 Update the attohttpc dependency Finishes the job initiated in #39 Rodolphe Breard 2020-10-12 22:46:54 +0200
  • c0383a1ad9
         Merge pull request #39 from breard-r/dependabot/cargo/attohttpc-0.16 Rodolphe Bréard 2020-10-12 21:44:48 +0200
  • a02df167c5
         Update attohttpc requirement from 0.15 to 0.16 #39 dependabot-preview[bot] 2020-10-12 04:29:03 +0000
  • 913199c106 Update the Rust versions in the CI Rodolphe Breard 2020-10-10 23:30:13 +0200
  • f520c05544 Update the base64 dependency Rodolphe Breard 2020-10-10 23:23:14 +0200
  • 44c6f99456 ACMEd v0.12.0 v0.13.0 Rodolphe Breard 2020-10-10 23:03:23 +0200
  • 1d80066c56 Improve the build system Rodolphe Breard 2020-10-10 22:06:14 +0200
  • 82674904c1 Allow to specify a target in the Makefile Rodolphe Breard 2020-10-10 21:14:07 +0200
  • 41d343eeaa Remove the acme_common build script's warning Rodolphe Breard 2020-10-10 20:15:46 +0200
  • 8c0d208fe5 Add the `openssl_vendored` feature rel #4 Rodolphe Breard 2020-10-10 20:14:31 +0200
  • 9ec48e7e03 Add the `root_certificates` parameter Being able to define root certificates in the command line is not enough for two reasons: 1. It is always global, you cannot define a root certificate for a specific endpoint. 2. Daemon scripts and unit files are not meant to be changed every time you need to add a root certificate. Rodolphe Breard 2020-10-10 18:57:36 +0200
  • 48179d19ed Refactor the JWS protected header generation Rodolphe Breard 2020-10-08 21:48:52 +0200
  • d1901bea91 Update the CONTRIBUTING.md file Rodolphe Breard 2020-10-06 20:10:48 +0200
  • b75b8ba9f7 Prepare the code for an OpenSSL replacement The part of code that are specific to OpenSSL are now included only if the openssl feature is activated. The generic parts of code included in OpenSSL specific files has been moved out. Rodolphe Breard 2020-10-06 20:06:32 +0200
  • d1a344a171 Reorder the Cargo.toml Rodolphe Breard 2020-10-03 22:38:20 +0200
  • fc71b90822 Include packaging in the CONTRIBUTING.md file Rodolphe Breard 2020-09-27 19:20:23 +0200
  • d9fdc8cb08 Fix the man pages syntax Rodolphe Breard 2020-09-27 00:08:09 +0200
  • de6561cd24 ACMEd v0.12.0 v0.12.0 Rodolphe Breard 2020-09-26 16:44:45 +0200
  • 0db5e6898f Stop to require the `orders` field on account creation RFC 8555 states that: - when an account is successfully created, the server "returns this account object" (section 7.3); - the `orders` field in account objects is mandatory (section 7.1.2). Rodolphe Breard 2020-09-26 16:17:23 +0200
  • 0c8b0d3e53 Log HTTP responses and POST requests Rodolphe Breard 2020-09-26 14:31:09 +0200
  • 8477d927a1 Add support for NIST P-521 curve and ES512 signatures Rodolphe Breard 2020-09-20 11:09:14 +0200
  • 53a6eff1eb Fix the new order request Rodolphe Breard 2020-09-19 23:59:38 +0200
  • 1a1c1bed91 Allow to specify subject attributes for certificates Rodolphe Breard 2020-09-19 20:22:00 +0200
  • 2dee1cce4c Remove nonce scoping from the planned features Rodolphe Breard 2020-09-19 17:04:01 +0200
  • 0456737458 ACMEd v0.11.0 v0.11.0 Rodolphe Breard 2020-09-19 12:07:47 +0200
  • 2e526f63e2 Update the CHANGELOG Rodolphe Breard 2020-09-19 11:54:18 +0200
  • 3c173bcf13 Create a new account if the external account has changed Rodolphe Breard 2020-09-19 11:46:19 +0200
  • bb47e04558 Improve the binary's long version Rodolphe Breard 2020-09-13 21:23:47 +0200
  • 1267e09ecb Dynamically retrieve the OpenSSL version Rodolphe Breard 2020-09-13 20:44:31 +0200
  • 51ff3fb9f8 Fix the test_account_new test Rodolphe Breard 2020-09-12 19:30:46 +0200
  • 8c116f0b55 Add external account binding Rodolphe Breard 2020-09-12 19:13:02 +0200
  • 875a403485 Add the b64_decode function Rodolphe Breard 2020-09-12 15:55:17 +0200
  • 45ca322ea6 Add the HS256, HS384 and HS512 signature algorithms Rodolphe Breard 2020-09-12 15:18:49 +0200
  • 30517d8b54 Add the HMAC computation in the HashFunction API Rodolphe Breard 2020-09-12 15:15:34 +0200
  • 4eb0423da3 Reformat log messages Rodolphe Breard 2020-09-08 19:29:20 +0200
  • 35fc59f761 Remove the signature algorithm from the key hash The key hash is responsible for the initiation of a key rollover on endpoints. Therefore, it should differ only when such an action is required, which is only if the key pair has changed. For this, hashing the public key is sufficient. Adding the signature algorithm will generate unnecessary key rollovers. Rodolphe Breard 2020-09-08 18:11:51 +0200
  • f44d95e7b1 Remove the -D option from install In the Makefile, `make install` is used to create missing directories and install files into them. Until now, the -D option was used for this job. However, FreeBSD as an implementation of the install command that differs about this option. In order to remain compatible with FreeBSD, the -D option has been removed and replace by prior directory creation using the -d option, which is common to (most?) implementations. https://www.freebsd.org/cgi/man.cgi?query=install https://man.openbsd.org/install https://linux.die.net/man/1/install Rodolphe Breard 2020-09-06 14:37:36 +0200
  • b340ac778d Make the account hooks optional Rodolphe Breard 2020-09-06 12:15:04 +0200
  • dc0603b9e7 Update the Travis CI configuration The `dist: xenial` has been added because, at the time, build was done using an old version of Ubuntu including an unsupported version of OpenSSL. Now that Xenial is the default build version, this option should be removed. See commit 261e0e50fd Rodolphe Breard 2020-09-04 20:11:15 +0200
  • 220f580d90 Use libc::time_t instead of i64 The use of i64 causes troubles in architectures that doesn't defines time_t as an i64. Fixes #37 Rodolphe Breard 2020-09-04 20:07:38 +0200
  • 04841e1773 Fix the account key rollover Rodolphe Breard 2020-09-01 20:30:19 +0200
  • 8b2a32d671 Re-create accounts dropped by the endpoint Rodolphe Breard 2020-09-01 18:23:28 +0200
  • 9b12e88ae1 Allow accounts to be updated The previous strategy for accounts management on endpoints was to send an account creation request every time in order to retrieve the account URL. Although it works on most cases, the contact information or key update wasn't handled correctly. Rodolphe Breard 2020-09-01 16:01:56 +0200
  • a9603528f4 Add questions about parallelization in the FAQ Rodolphe Breard 2020-09-01 11:15:45 +0200
  • 51cfd49f08 Refactor the account management Rodolphe Breard 2020-09-01 00:48:39 +0200
  • 32c1e986af Fix invalid link in the CONTRIBUTING file Rodolphe Breard 2020-08-30 11:18:01 +0200
  • 04a95dad26 Update the CONTRIBUTING file Rodolphe Breard 2020-08-30 11:16:57 +0200
  • 69739d4703 Create a dedicated FileManager struct The certificate struct was bloated with file management data which therefore required the certificate to be passed in every storage function. In order to clean this, a new FileManager struct has been created. Rodolphe Breard 2020-08-28 17:44:32 +0200
  • 3b7f41a7e8 Update the README Rodolphe Breard 2020-08-28 00:16:44 +0200
  • f126ee22d0 ACMEd v0.10.0 v0.10.0 Rodolphe Breard 2020-08-27 11:42:41 +0200
  • 64e7d80f7c Improve the CHANGELOG Rodolphe Breard 2020-08-27 11:29:44 +0200
  • a1ff1f6181 Raise a descriptive error for invalid identifier specifications An identifier must have one and only one type field (`dns` or `ip`). Rel #24 Rodolphe Breard 2020-08-27 00:02:26 +0200
  • 53d55af96e Improve the FAQ Rodolphe Breard 2020-08-26 20:21:34 +0200
  • 96cc42375e Improve the FAQ Rodolphe Breard 2020-08-26 20:02:04 +0200
  • 52fe2c60ba Refactor the certificate key type management The previous system used a duplicated enum (`acmed::certificate::Algorithm`) and an imprecise identifier name (algorithm) for both the certificate configuration and post operation hook variable. The first one has been replaced by the `acme_common::crypto::KeyType` enum and the second renames `key_type`. Rodolphe Breard 2020-08-26 19:45:51 +0200
  • bea33179d7 Allow to specify the CSR's digest algorithm Rodolphe Breard 2020-08-26 19:16:04 +0200
  • e17e6d1174 Add the PID file name in the error message Rel #24 Rodolphe Breard 2020-08-26 17:39:37 +0200
  • 3ee3419676 Add missing commas Rodolphe Breard 2020-08-26 17:38:57 +0200
  • 7292cc68ca Fix the certificate generation tests Rodolphe Breard 2020-08-26 16:12:18 +0200
  • c5f1e90276 Add the `--crt-digest` option in tacd Rodolphe Breard 2020-08-26 16:09:07 +0200
  • f640688a3b Refactor the hash function interface Rodolphe Breard 2020-08-26 15:43:09 +0200
  • c7263703d1 Improve the CLI Some default values were missing. Some descriptions has been rephrased. Rodolphe Breard 2020-08-26 14:40:15 +0200
  • b08da88bcf Fix the conditional compilation Rodolphe Breard 2020-08-26 14:12:37 +0200
  • 602d8c6cf6 Add the `--crt-signature-alg` option in tacd Rodolphe Breard 2020-08-26 14:12:04 +0200
  • 4614d6c407 Add partial EdDSA support Currently, OpenSSL does not have the required `EVP_PKEY_get1_ED(25519|448)` functions, hence EdDSA has been partially implemented and disabled. Once OpenSSL 3.0.0 is out and the `openssl` crates implements the bindings to those functions, full EdDSA implementation could be done and activated. Conditional compilation has been implemented using `rustc-cfg` instructions rather than features so it can be activated from the build script depending on whether or not the cryptographic library supports Ed25519 and Ed448. 7c664b1f1b Rodolphe Breard 2020-08-26 12:42:47 +0200
  • a0f4928a73 Move the account key type and signing algorithm Those options are tied with the account and should therefore be defined in the associated section, not in the endpoint section. Rodolphe Breard 2020-08-25 22:48:56 +0200
  • 9f6f10c67a Fix the case Rodolphe Breard 2020-08-25 21:50:28 +0200
  • 87f97ec334 Improve configuration error messages Rel #24 Rodolphe Breard 2020-08-25 21:34:55 +0200
  • 566d09a618 Warn on empty inclusion patterns Rodolphe Breard 2020-08-25 20:27:17 +0200
  • 573442dbd2 Improve the logging of the renewal decision Rodolphe Breard 2020-08-25 20:08:58 +0200
  • 2f39e798d1 Add Unix style globing for config file inclusion Close #6 Rodolphe Breard 2020-08-25 19:58:30 +0200
  • 25450aebbf Implement IP identifiers RFC 8738: https://tools.ietf.org/html/rfc8738 Rodolphe Breard 2020-08-25 18:52:30 +0200
  • 43c9eee202 Remove a few unwrap Rodolphe Breard 2020-08-24 16:25:22 +0200
  • 62db048a46 Allow to define a custom delay for renewal Rodolphe Breard 2020-08-24 15:37:59 +0200
  • 387adc7c4f Remove the useless calls to `map_err` Rodolphe Breard 2020-08-24 12:09:20 +0200
  • 1e70b48a7f Update the Travis CI configuration Rodolphe Breard 2020-08-24 10:37:10 +0200
  • ea02e90292 Fix the JWS tests Rodolphe Breard 2020-08-24 10:30:09 +0200
  • 582593de29 Allow to specify the account key type and signature alg in the config Rodolphe Breard 2020-08-23 20:23:19 +0200
  • 1350257300 Put Ed25519 support in a feature Rodolphe Breard 2020-08-23 10:17:29 +0200
  • 9df6170b76 Update the rustc badge Rodolphe Breard 2020-08-23 10:06:18 +0200
  • 636fbf9cf6 Refactor the JWS signature algorithm management Being tied with the key type, the signature algorithm should therefore be at the same place than the key type, hence `acme_common::crypto`. This reorganization will allow to specify the account key type as well as the signature algorithm in the configuration. Rodolphe Breard 2020-08-22 19:27:59 +0200
  • d7dbd58823 Move the hashing operation inside the signing function This hashing operation is part of the signing process itself and should therefore not be exposed outside of the signing function. Rodolphe Breard 2020-08-22 11:27:44 +0200
  • 2403633d07 Replace an incorrect term in the README by the correct one Rodolphe Breard 2020-08-22 10:48:46 +0200
  • eabcddb0af Add support for RSA 2048 account keys Rodolphe Breard 2020-08-21 18:20:07 +0200
  • 42cf2d792b Update the README's FAQ Closes #34 and closes #35 Rodolphe Breard 2020-08-20 17:43:54 +0200
  • 0d2baad941
         doc: Improvements to the RSA-2048 section #35 Brennan Kinney 2020-08-18 22:17:45 +1200
  • 1ab5b4012e Use the correct algorithm and hash function for JWK signatures Since there is currently no possibility to chose a different account key type, the current implementation only supports the ES256 algorithm. With the upcoming support of different key types, it had to be changed. This commit add support for ES384 although there is no configuration option that can activate the actual use of it through account keys using the NIST P-384 curve. Rodolphe Breard 2020-08-17 18:09:36 +0200
  • 9246550551 Update the CONTRIBUTING.md file Rodolphe Breard 2020-08-17 16:58:00 +0200
  • 88f83bafe4 Prepare the Cargo.toml files for a different crypto library Rodolphe Breard 2020-08-15 21:00:55 +0200
  • a5b59e7ba1 Refactor the Makefile The previous version of the Makefile used features which are specific to GNU Make and therefore does not works on BSD systems. This new version, which is much more simpler, works both on GNU Make and BSD Make (tested on FreeBSD 12.1). Rodolphe Breard 2020-08-02 13:14:24 +0200
  • f2e23b20fd ACMEd v0.9.0 v0.9.0 Rodolphe Breard 2020-08-01 17:49:45 +0200
  • c91cb82f07 Move the example service file into the contrib directory Rodolphe Breard 2020-08-01 17:44:32 +0200
  • d7693fc95f Update the change log Rodolphe Breard 2020-08-01 17:31:57 +0200
  • 3c21019cb5 Update the nix that dependabot forgot Rodolphe Breard 2020-07-27 21:05:29 +0200
  • d75b332d0d
         Merge pull request #32 from breard-r/dependabot/cargo/nix-0.18 Rodolphe Bréard 2020-07-27 20:42:24 +0200
  • 62026d82e3
         Merge pull request #31 from magiclen/master Rodolphe Bréard 2020-07-27 20:39:19 +0200
  • c8a2b3d37f
         Update nix requirement from 0.17 to 0.18 #32 dependabot-preview[bot] 2020-07-27 04:30:51 +0000
  • b25d01823a Fix the conflicts_with setting of the `acme-ext-file` option #31 Magic Len 2020-07-27 07:36:47 +0800
  • 09d01eefb5 Remove openssl calls from the acmed crate The TLS library is encapsulated by acme_common. Rodolphe Breard 2020-06-29 20:29:34 +0200