Diffstat (limited to 'Changelog')
-rw-r--r-- | Changelog | 34 |
1 files changed, 34 insertions, 0 deletions
@@ -1,3 +1,35 @@ +lacme (0.8.1) upstream; + + + lacme-accountd: improve log messages and refactor logging logic. + + lacme-accountd: refuse to sign JWS with an invalid Protected Header. + + lacme: don't write certificate(-chain) file on chown/chmod failure. + + lacme: default mode for certificate(-chain) creation is 0644 minus + umask restrictions. Also, always spawn the client with umask 0022 so + a starting lacme(8) with a restrictive umask doesn't impede serving + challenge files. + + lacme: add 'owner' resp. 'mode' as (prefered) alias for 'chown' resp. + 'chmod'. + + lacme: split certificates using Net::SSLeay::PEM_* instead of calling + openssl. + + lacme: pass a temporary JSON file with the client configuration to + the internal client, so it doesn't have to parse the INI file again. + - lacme: in the [accountd] config, let lacme-accountd(1) do the + %-expansion for 'config', not lacme(8) when building the command. + - lacme-accountd: don't log debug messages unless --debug is set. + - lacme: when getpwnam()/getgrnam()'s errno is 0, exclude it from error + messages. + - tests/drop-privileges: ensure failure to drop privileges yields an + error instead of retaining root priviliges. + - tests/cert-install: include tests for failing chown(2) due to unknown + user/group name. + - lacme: ignore empty values in settings 'chown', 'chmod', 'certificate' + and 'certificate-chain'. + - lacme: return an error when the 'mode'/'chown' isn't a number. + - Makefile: replace '$(dir $@)' with '$(@D)'. + - Test suite: Adjust against current Let's Encrypt staging environment. + + -- Guilhem Moulin <guilhem@fripost.org> Wed, 25 Jan 2023 03:23:51 +0100 + lacme (0.8.0) upstream; * Breaking change: 'challenge-directory' now needs to be set to an 
@@ -218,6 +250,8 @@ lacme (0.2) upstream; directories. New default "lacme-certs.conf lacme-certs.conf.d/". - Minor manpage fixes - More useful message upon Validation Challenge failure. + - If restricting access via umask() fails, don't include errno in the + error message as it's not set on failure. -- Guilhem Moulin <guilhem@guilhem.org> Sat, 03 Dec 2016 16:40:56 +0100 |
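Review bot: In the first hunk (the new 0.8.1 section), the entry "return an error when the 'mode'/'chown' isn't a number" pairs the new alias 'mode' with the old name 'chown'. Going by the alias entry earlier in the same hunk ('owner' for 'chown', 'mode' for 'chmod'), the numeric setting is 'mode'/'chmod', so this line probably should read 'mode'/'chmod'. Two spellings in the same hunk also want fixing before release: "prefered" should be "preferred", and "priviliges" in the tests/drop-privileges entry should be "privileges".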
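Review bot: In the second hunk (@@ -218,6 +250,8 @@), the new umask() entry is added to the lacme (0.2) section, directly above its sign-off line dated 03 Dec 2016, so it alters the record of a release that is already dated and signed. If this fix ships with 0.8.1, list it in the 0.8.1 section instead; if it really belongs to 0.2, the commit message should explain why a historical entry is being amended.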