| Commit message (Collapse) | Author | Age | Files |
|
|
|
|
| |
This saves a round trip and provides a safeguard against malicious
clients.
|
| |
|
|
|
|
| |
Prefixed with a timestamp.
|
|
|
|
|
| |
It's an internal flag, but can be useful for authorized_keys(5)
restrictions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lacme(8): for --config=, --socket=, --config-certs= (and ‘socket’/
‘config-certs’/‘challenge-directory’ configuration options *before*
privilege drop; and for the [accountd] section ‘command’/‘config’
configuration options *after* privilege drop).
lacme-accountd(1): for --config=, --socket= and --privkey= (and
‘socket’/‘privkey’ configuration options).
This also changes the default configuration file location. lacme(8) and
lacme-accountd(1) now respectively use /etc/lacme/lacme.conf resp.
/etc/lacme/lacme-accountd.conf when running as root, and
$XDG_CONFIG_HOME/lacme/lacme.conf resp. $XDG_CONFIG_HOME/lacme/lacme-accountd.conf
when running as a normal user. There is no fallback to /etc anymore.
|
| |
|
|
|
|
| |
And add a test case for this.
|
|
|
|
|
| |
Instead, treat it as an empty file. This makes it possible to use
lacme-accountd(1) without configuration file under ~/.config/lacme.
|
|
|
|
|
|
|
| |
This is a breaking change: lacme(8) resp. lacme-accountd(1) no longer
consider ./lacme.conf resp. ./lacme-accountd.conf as default location
for the configuration file. Doing so has security implications when
running these program from insecure directories.
|
|
|
|
| |
symmetrically-encrypted private key.
|
| |
|
|
|
|
|
| |
* Also suggest a command to generate an ECDSA key not just RSA.
* Hint at which key algorithms are supported.
|
| |
|
| |
|
| |
|
|
|
|
| |
As it's a system command, see hier(7) for details.
|
|
Honor BUILD_DOCDIR and DESTDIR variables.
|