aboutsummaryrefslogtreecommitdiffstats
path: root/lacme-accountd
diff options
context:
space:
mode:
Diffstat (limited to 'lacme-accountd')
-rwxr-xr-xlacme-accountd7
1 files changed, 6 insertions, 1 deletions
diff --git a/lacme-accountd b/lacme-accountd
index d8c96b0..a842bce 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -125,7 +125,7 @@ do {
open $LOG, ">>", $1 or die "Can't open $1: $!";
}
error("Invalid section(s): ".join(', ', keys %$h)) if %$h;
- my %h = map { $_ => delete $h2->{$_} } qw/privkey gpg socket logfile quiet/;
+ my %h = map { $_ => delete $h2->{$_} } qw/privkey gpg socket logfile keyid quiet/;
error("Unknown option(s): ".join(', ', keys %$h2)) if %$h2;
$h{quiet} = lc $h{quiet} eq 'yes' ? 1 : 0 if defined $h{quiet};
$OPTS{$_} //= $h{$_} foreach grep {defined $h{$_}} keys %h;
@@ -183,6 +183,11 @@ if ($OPTS{privkey} =~ /\A(file|gpg):(\p{Print}+)\z/) {
# use of SHA-256 digest in the thumbprint is hardcoded, see RFC 8555 sec. 8.1
$JWK_STR = JSON::->new->utf8->canonical->encode(\%jwk);
$extra_greeting{"jwk-thumbprint"} = encode_base64url(sha256($JWK_STR));
+
+ if ((my $kid = $OPTS{keyid} // "") ne "") {
+ $extra_greeting{kid} = $kid;
+ $JWK_STR = "{}";
+ }
$EXTRA_GREETING_STR = JSON::->new->encode(\%extra_greeting);
}
else {