path: root/client
Commit message | Author | Age | Files
* accountd: Pass JWA and JWK thumbprint via extended greeting data. | Guilhem Moulin | 2021-02-21 | 1
  Passing the JWA to the ACME client is required if we want to support account keys other than RSA. As of 0.7 both lacme-accountd(1) and lacme(8) hardcode “RS256” (SHA256withRSA per RFC 7518 sec. A.1).
  Passing the JWK thumbprint is handy as it gives more flexibility if RFC 8555 sec. 8.1 were to be updated with another digest algorithm (it's currently hardcoded to SHA-256). A single lacme-account(1) instance might be used to sign requests from many clients, and it's easier to upgrade a single ‘lacme-accountd’ than many ‘lacme’.
  Moreover, in some restricted environments lacme-accountd might hide the JWK from the client to prevent ‘newAccount’ requests (such as contact updates); passing its thumbprint is enough for ‘newOrder’ requests.
* Make the ACME API server URL configurable at build time. | Guilhem Moulin | 2021-02-21 | 1
* Consolidate error messages for consistency. | Guilhem Moulin | 2021-02-18 | 1
* client: avoid "Use of uninitialized value in pattern match (m//)" perl warnings. | Guilhem Moulin | 2021-02-18 | 1
  When the accountd socket can't be reached.
* client: use "lacme-client/$VERSION" as User-Agent header. | Guilhem Moulin | 2021-02-18 | 1
* typofix | Guilhem Moulin | 2021-02-18 | 1
* Bump copyright years. | Guilhem Moulin | 2021-02-15 | 1
* client: fail immediately when the accountd is unreachable. | Guilhem Moulin | 2021-02-12 | 1
* Replace Types::Serialiser::true with JSON::true. | Guilhem Moulin | 2021-02-12 | 1
  This removes the dependency on Types::Serialiser.
* Raise client timeout from 10 to 30s. | Guilhem Moulin | 2021-02-12 | 1
* Use upstream certificate chain instead of a hardcoded one. [upstream/0.7] | Guilhem Moulin | 2020-11-26 | 1
  This is a breaking change. The certificate indicated by 'CAfile' is no longer used as is in 'certificate-chain' (along with the leaf cert). The chain returned by the ACME v2 endpoint is used instead. This allows for more flexibility with respect to key/CA rotation, cf. https://letsencrypt.org/2020/11/06/own-two-feet.html and https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018
  Moreover 'CAfile' now defaults to @@datadir@@/lacme/ca-certificates.crt which is a concatenation of all known active CA certificates (which includes the previous default).
* Upgrade links to secure HTTP. | Guilhem Moulin | 2020-08-04 | 1
* lacme: new option 'account --deactivate' | Guilhem Moulin | 2019-08-21 | 1
  For client-initiated account deactivation. See RFC 8555 sec. 7.3.6.
* Issue GET and POST-as-GET requests (RFC 8555 sec. 6.3) | Guilhem Moulin | 2019-08-21 | 1
  For the authorizations, order and certificate URLs. See RFC 8555 sec. 7.1.
* Link to RFC 8555 instead of the ACME I-D URL. | Guilhem Moulin | 2019-08-21 | 1
* lacme, client: new dependency Date::Parse. | Guilhem Moulin | 2019-01-21 | 1
* client: poll order URL instead of each authz URL successively. | Guilhem Moulin | 2019-01-21 | 1
  We were blocking on https://github.com/letsencrypt/boulder/issues/3530 .
* Use ACME v2 endpoints | Guilhem Moulin | 2018-04-27 | 1
  https://tools.ietf.org/html/draft-ietf-acme-acme-12
* Update copyright info [upstream/0.3] | Guilhem Moulin | 2017-07-09 | 1
* Specify minimum required Perl versions. | Guilhem Moulin | 2017-07-01 | 1
* Ensure fdopen is called with an integer. | Guilhem Moulin | 2017-07-01 | 1
* Remove potential race when creating ACME challenge response files. | Guilhem Moulin | 2017-06-29 | 1
* wibble | Guilhem Moulin | 2017-02-19 | 1
* Honor Retry-After headers for certificate issuance and challenge responses. | Guilhem Moulin | 2016-06-30 | 1
* More useful message upon Validation Challenge failure. | Guilhem Moulin | 2016-06-30 | 1
  Format the problem document if the JSON has an “error” key. Cf. section 7 “Identifier Validation Challenges”.
* Add the short description in headers and manpages. | Guilhem Moulin | 2016-06-14 | 1
* accountd: Don't mention "Let's Encrypt" in log messages. | Guilhem Moulin | 2016-06-14 | 1
* Rename ‘letsencrypt-tiny’ to ‘lacme’. | Guilhem Moulin | 2016-06-13 | 1
* Refactoring to use the account key manager. | Guilhem Moulin | 2016-03-02 | 1
* acme-slave → client; acme-webserver → webserver | Guilhem Moulin | 2015-12-18 | 1