diff options
Diffstat (limited to 'client')
-rwxr-xr-x | client | 23 |
1 files changed, 9 insertions, 14 deletions
@@ -43,7 +43,7 @@ use warnings; # instance own by another user and created with umask 0177) is not a # problem since SOCKET_FD can be bound as root prior to the execve(2). -our $VERSION = '0.8.0'; +our $VERSION = '0.8.1'; my $PROTOCOL_VERSION = 1; my $NAME = 'lacme-client'; @@ -56,8 +56,6 @@ use Date::Parse (); use LWP::UserAgent (); use JSON (); -use Config::Tiny (); - # Clean up PATH $ENV{PATH} = join ':', qw{/usr/bin /bin}; delete @ENV{qw/IFS CDPATH ENV BASH_ENV/}; @@ -87,13 +85,13 @@ do { if (defined (my $extra = $2)) { my $h = eval { JSON::->new->decode($extra) }; if ($@ or !defined $h) { - print STDERR "WARN: Ignoring extra greeting data from accountd \"$extra\"\n"; + print STDERR "Warning: Ignoring extra greeting data from accountd \"$extra\"\n"; } else { print STDERR "Received extra greeting data from accountd: $extra\n" if $ENV{DEBUG}; ($JWK_thumbprint, $ALG, $KID) = @$h{qw/jwk-thumbprint alg kid/}; } } - my $jwk_str = $S->getline() // die "ERROR: No JWK from lacme-accountd\n"; + my $jwk_str = $S->getline() // die "Error: No JWK from lacme-accountd\n"; $JWK = JSON::->new->decode($jwk_str); $JWK_thumbprint //= encode_base64url(sha256(json()->encode($JWK))); # SHA-256 is hardcoded, see RFC 8555 sec. 8.1 $ALG //= "RS256"; @@ -107,11 +105,7 @@ do { my $CONFIG = do { my $conf = do { local $/ = undef; <$CONFFILE> }; - close $CONFFILE or die "close: $!"; - my $h = Config::Tiny::->read_string($conf) or die Config::Tiny::->errstr()."\n"; - $h->{_} //= {}; - $h->{client}->{$_} //= $h->{_}->{$_} foreach keys %{$h->{_}}; # add defaults - $h->{client}; + JSON::->new->decode($conf); }; my $UA = do { my %args = %$CONFIG; @@ -210,7 +204,7 @@ sub acme2($$;$) { $payload = defined $payload ? encode_base64url(json()->encode($payload)) : ""; $S->printflush($protected, ".", $payload, "\r\n"); - my $sig = $S->getline() // die "ERROR: No response from lacme-accountd\n"; + my $sig = $S->getline() // die "Error: lost connection with lacme-accountd\n"; $sig =~ s/\r\n\z// or die; undef $NONCE; # consume the nonce @@ -249,7 +243,7 @@ sub acme_resource($%) { if ($r eq "newAccount" or ($r eq "revokeCert" and !defined $KID)) { # per RFC 8555 sec. 6.2 these requests MUST have a JWK - print STDERR "WARNING: lacme-accountd supplied an empty JWK; try removing 'keyid' ", + print STDERR "Warning: lacme-accountd supplied an empty JWK; try removing 'keyid' ", "setting from lacme-accountd.conf if the ACME resource request fails.\n" unless %$JWK; return acme2($uri, {jwk => $JWK}, \%payload); @@ -338,11 +332,12 @@ elsif ($COMMAND eq 'newOrder') { my $keyAuthorization = $challenge->{token}.'.'.$JWK_thumbprint; # serve $keyAuthorization at http://$domain/.well-known/acme-challenge/$challenge->{token} - if (sysopen(my $fh, $challenge->{token}, O_CREAT|O_EXCL|O_WRONLY, 0644)) { + if (sysopen(my $fh, $challenge->{token}, O_CREAT|O_EXCL|O_WRONLY)) { + # note: the file is created mode 0666 minus umask restrictions $fh->print($keyAuthorization); $fh->close() or die "close: $!"; } elsif ($! == EEXIST) { - print STDERR "WARNING: File exists: $challenge->{token}\n"; + print STDERR "Warning: File exists: $challenge->{token}\n"; } else { die "open($challenge->{token}): $!"; } |