lacme: new option 'account --deactivate'

For client-initiated account deactivation.  See RFC 8555 sec. 7.3.6.

3 files changed, 5 insertions, 1 deletions

diff --git a/Changelog b/Changelog
index 0f74a85..2ede6b7 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,8 @@
 lacme (0.6) UNRELEASED
 
  + client: poll order URL instead of each authz URL successively.
+ + lacme: new option 'account --deactivate' for client-initiated account
+   deactivation, see RFC 8555 sec. 7.3.6.
  - lacme, client: new dependency Date::Parse, don't parse RFC 3339
    datetime strings from X.509 certs manually.
  - lacme: assume that the iptables(1) binaries are under /usr/sbin not
diff --git a/client b/client
index b567516..2eebbf0 100755
--- a/client
+++ b/client
@@ -244,6 +244,7 @@ if ($COMMAND eq 'account') {
     my %h = ( contact => \@ARGV ) if @ARGV;
     $h{onlyReturnExisting}   = Types::Serialiser::true unless $flags & 0x01;
     $h{termsOfServiceAgreed} = Types::Serialiser::true if     $flags & 0x02;
+    $h{status}               = "deactivated"           if     $flags & 0x04;
 
     print STDERR "Requesting new registration ".(@ARGV ? ("for ".join(', ', @ARGV)) : "")."\n"
         if $flags & 0x01;
diff --git a/lacme b/lacme
index 1c5761c..d5e8933 100755
--- a/lacme
+++ b/lacme
@@ -63,7 +63,7 @@ sub usage(;$$) {
     }
     exit $rv;
 }
-usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s register tos-agreed min-days=i quiet|q debug help|h/);
+usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s register tos-agreed deactivate min-days=i quiet|q debug help|h/);
 usage(0) if $OPTS{help};
 
 $COMMAND = shift(@ARGV) // usage(1, "Missing command");
@@ -625,6 +625,7 @@ if ($COMMAND eq 'account') {
     my $flags = 0;
     $flags |= 1 if $OPTS{'register'};
     $flags |= 2 if $OPTS{'tos-agreed'};
+    $flags |= 4 if $OPTS{'deactivate'};
     exit acme_client({out => \*STDOUT}, $flags, @ARGV);
 }