author Guilhem Moulin <guilhem@fripost.org> 2015-12-18 12:59:55 +0100
committer Guilhem Moulin <guilhem@fripost.org> 2015-12-18 13:03:18 +0100
commit 739348125542fda01a8dbafc816dfa240786e6e6
tree b24e086db57822921899c09f16929d7040faaaa5
parent 1f1e4d85ffec1f13d88740a6fa8edb05696607d2
Add a long description.
-rw-r--r-- debian/control 10
1 files changed, 10 insertions, 0 deletions
diff --git a/debian/control b/debian/control
index 2dcd758..856f30d 100644
--- a/debian/control
+++ b/debian/control
@@ -15,3 +15,13 @@ Depends: ${misc:Depends}, ${perl:Depends},
openssl, netcat-openbsd | netcat-traditional
Recommends: liblwp-protocol-https-perl, socat
Description: Tiny ACME client for Let's Encrypt
+ This tiny ACME client written is with process isolation and minimal privileges
+ in mind. It is divided into three components:
+ 1. the "master" process, which runs as root and is the only component
+ with access to the private key material (both account and server keys);
+ 2. the actual ACME client, which runs as a separated user ID, builds ACME
+ requests and dialogues with the remote ACME server (data to be signed is
+ written to a pipe shared with the master process, which replies with its
+ SHA-256 signature); and
+ 3. an optional webserver, which runs as www-data:www-data and listen on port
+ 80 to server ACME challenges.
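Review bot: the added description has wording slips that will ship in the package metadata: the first added line reads "written is with" (should be "is written with"), and item 3 reads "listen on port 80 to server ACME challenges" (should be "listens on port 80 to serve ACME challenges"); item 2's "a separated user ID" would read better as "a separate user ID". Also in item 2, "replies with its SHA-256 signature" is ambiguous, since SHA-256 is a hash function rather than a signature scheme; name the signature algorithm, or say that the master signs the SHA-256 digest of the data. Finally, check how the numbered list renders: in a Debian extended description, lines that start with a single space are reflowed into one paragraph, so if the items are indented by one space as shown here they need an extra space of indentation to be displayed as a list.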