lacme/client, branch v0.8.3 Small ACME client written with process isolation and minimal privileges in mind Prepare new release v0.8.3. 2024-06-13T15:39:34+00:00 Guilhem Moulin guilhem@fripost.org 2024-06-13T15:39:34+00:00 ce6a95d172dbefd0e310c46e0a0d9c56d19e34ca 






Prepare new release v0.8.2.
2023-04-25T18:06:22+00:00

Guilhem Moulin
guilhem@fripost.org

2023-04-25T18:06:22+00:00

c80a2530eb014b34a314e078fec2589bc7969e33












client: Handle "ready" → "processing" → "valid" status change during newOrder.
2023-04-25T09:11:03+00:00

Guilhem Moulin
guilhem@fripost.org

2023-04-25T08:51:36+00:00

53238c70f7a12e233a6ca83cf2b50168e5b9592e

Instead of just "ready" → "valid", which may be what we observe when the
server is fast enough, but according to RFC 8555 sec. 7.1.6 the state
actually transitions via "processing" state and we need to account for
that.

It appears Let's Encrypt staging environment now has different timing
conditions and lacme is unable to request certificates due to this
issue.

Thanks to Alexander Borkowski for the report!





Instead of just "ready" → "valid", which may be what we observe when the
server is fast enough, but according to RFC 8555 sec. 7.1.6 the state
actually transitions via "processing" state and we need to account for
that.

It appears Let's Encrypt staging environment now has different timing
conditions and lacme is unable to request certificates due to this
issue.

Thanks to Alexander Borkowski for the report!







Prepare new release v0.8.1.
2023-01-25T02:23:51+00:00

Guilhem Moulin
guilhem@fripost.org

2023-01-25T02:23:51+00:00

b3af3526b293f396da02a6276ea86ca17dcd2d03












lacme: pass a temporary JSON file with the client configuration to the internal client.
2021-02-25T09:30:22+00:00

Guilhem Moulin
guilhem@fripost.org

2021-02-25T00:41:59+00:00

9a8f705eddd18ccc9a24fe0e7efe6b5a87b2be09

So it doesn't have to parse the INI file again.  Also, while lacme.conf
is world-readable by default, one might restrict permissions and add
private information in there, not realizing that everything, including
comments, will be readable by the client.





So it doesn't have to parse the INI file again.  Also, while lacme.conf
is world-readable by default, one might restrict permissions and add
private information in there, not realizing that everything, including
comments, will be readable by the client.







lacme: Default mode for certificate(-chain) creation is 0644 minus umask restrictions.
2021-02-24T20:32:01+00:00

Guilhem Moulin
guilhem@fripost.org

2021-02-24T20:01:12+00:00

c612a7ff44995f4f9c39fa0fb68470d90c88decf

Also, always spawn the client with umask 0022 so a starting lacme(8)
with a restrictive umask doesn't impede serving challenge response
files.





Also, always spawn the client with umask 0022 so a starting lacme(8)
with a restrictive umask doesn't impede serving challenge response
files.







Consolidate error messages.
2021-02-22T23:20:32+00:00

Guilhem Moulin
guilhem@fripost.org

2021-02-22T23:20:32+00:00

af5e3d794fc2f83f6cc3b5ddff386dad5463707d












Prepare new release v0.8.0.
2021-02-22T02:19:57+00:00

Guilhem Moulin
guilhem@fripost.org

2021-02-22T02:19:57+00:00

3eba02ef820a393bd5781be9f8fcda1611ae7c3d












client: Print Terms of Service URL for 'account' command.
2021-02-22T00:05:06+00:00

Guilhem Moulin
guilhem@fripost.org

2021-02-22T00:04:58+00:00

ed85b6a6740028ce9ce821975a534f696eabd8ed












lacme-accountd(1): new setting 'keyid'.
2021-02-21T23:14:51+00:00

Guilhem Moulin
guilhem@fripost.org

2021-02-21T17:49:14+00:00

9898b1877ce2973bbc336921969bd7f16d3698fa

This saves a round trip and provides a safeguard against malicious
clients.





This saves a round trip and provides a safeguard against malicious
clients.