diff options
Diffstat (limited to 'lacme')
| -rwxr-xr-x | lacme | 13 |
1 files changed, 7 insertions, 6 deletions
@@ -18,6 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. #---------------------------------------------------------------------- +use v5.14.2; use strict; use warnings; @@ -30,9 +31,9 @@ use File::Temp (); use Getopt::Long qw/:config posix_default no_ignore_case gnu_getopt auto_version/; use List::Util 'first'; use POSIX (); -use Socket qw/AF_UNIX AF_INET AF_INET6 PF_UNIX PF_INET PF_INET6 PF_UNSPEC - INADDR_ANY IN6ADDR_ANY IPPROTO_IPV6 - SOCK_STREAM SOL_SOCKET SO_REUSEADDR SHUT_RDWR/; +use Socket 1.95 qw/AF_UNIX AF_INET AF_INET6 PF_UNIX PF_INET PF_INET6 PF_UNSPEC + INADDR_ANY IN6ADDR_ANY IPPROTO_IPV6 + SOCK_STREAM SOL_SOCKET SO_REUSEADDR SHUT_RDWR/; use Config::Tiny (); use Net::SSLeay (); @@ -96,7 +97,7 @@ do { map {$_ => undef} qw/server timeout SSL_verify SSL_version SSL_cipher_list/ }, webserver => { - listen => '/var/run/lacme.socket', + listen => '/var/run/lacme-www.socket', 'challenge-directory' => undef, user => 'www-data', group => 'www-data', @@ -532,7 +533,7 @@ sub acme_client($@) { # child doesn't have access to the parent's memory my @fileno = map { fileno($_) =~ /^(\d+)$/ ? $1 : die } ($CONFFILE, $client); # untaint fileno set_FD_CLOEXEC($client, 1); - my $rv = spawn({%$args{qw/in out/}, child => sub() { + my $rv = spawn({in => $args->{in}, out => $args->{out}, child => sub() { drop_privileges($conf->{user}, $conf->{group}, $args->{chdir} // '/'); set_FD_CLOEXEC($_, 0) foreach ($CONFFILE, $client); seek($CONFFILE, SEEK_SET, 0) or die "Can't seek: $!"; @@ -723,7 +724,7 @@ elsif ($COMMAND eq 'new-cert') { } # generate the CSR - my $csr = gen_csr(%$conf{qw/certificate-key subject subjectAltName keyUsage hash/}) // do { + my $csr = gen_csr(map {$_ => $conf->{$_}} qw/certificate-key subject subjectAltName keyUsage hash/) // do { print STDERR "[$s] Warning: Couldn't generate CSR, skipping\n"; $rv = 1; next; |