Commit message | Author | Age | Files | |
---|---|---|---|---|
* | Add (self-signed) ISRG Roots to the CA bundle. | Guilhem Moulin | 2021-02-15 | 2 |
| | This allows us to fully validate provided X.509 chains using that self-contained bundle, regardless of which CAs are marked as trusted under /etc/ssl/certs. Also, remove cross-signed intermediate CAs from the bundle as they're useless in a self-contained bundle. Also, remove decommissioned intermediate CAs Authority X3 and X4 from the bundle. This change bumps the minimum OpenSSL version to 1.1.0 (for verify(1ssl)'s ‘-trusted’ and ‘-show_chain’ options). | | | |
* | Use upstream certificate chain instead of a hardcoded one. [upstream/0.7] | Guilhem Moulin | 2020-11-26 | 8 |
| | This is a breaking change. The certificate indicated by 'CAfile' is no longer used as is in 'certificate-chain' (along with the leaf cert). The chain returned by the ACME v2 endpoint is used instead. This allows for more flexibility with respect to key/CA rotation, cf. https://letsencrypt.org/2020/11/06/own-two-feet.html and https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018 Moreover 'CAfile' now defaults to @@datadir@@/lacme/ca-certificates.crt which is a concatenation of all known active CA certificates (which includes the previous default). | | | |
* | Move X.509 certs to a separate directory. | Guilhem Moulin | 2016-06-14 | 4 |