aboutsummaryrefslogtreecommitdiffstats
path: root/tests/cert-install
Commit message (Collapse)AuthorAgeFiles
* Pass `-in /dev/stdin` option to openssl(1) to avoid warning with recent ↵Guilhem Moulin2024-06-131
| | | | | | | | | | versions. OpenSSL 3.2 from Debian sid spews Warning: Reading certificate from stdin since no -in or -new option is given without an explicit `-in /dev/stdin`.
* t/cert-install: Ensure the subjectName is lowercase.Guilhem Moulin2024-06-131
| | | | | | | | | Domain names are case insensitive so it shouldn't matter, but Let's Encrypt (staging) ACME server fails with 400 Bad Request (Invalid identifiers requested :: Cannot issue for "YXJCTT7S6K2RQLVO.lacme-test.guilhem.org": Domain name contains an invalid character) if the sub-domain part of the subjectName is left all-caps.
* lacme: Add 'owner' resp. 'mode' as (prefered) alias for 'chown' resp. 'chmod'.Guilhem Moulin2021-02-241
|
* lacme: Default mode for certificate(-chain) creation is 0644 minus umask ↵Guilhem Moulin2021-02-241
| | | | | | | | restrictions. Also, always spawn the client with umask 0022 so a starting lacme(8) with a restrictive umask doesn't impede serving challenge response files.
* lacme: Don't write certificate(-chain) file on chown/chmod failure.Guilhem Moulin2021-02-241
| | | | | | | | | Otherwise we end up with files with mode 0644 owned by root:root, and subsequent lacme(8) invocations will likely not renew them for a while. This change also saves a chown(2) call. And the new logic (chown resp. chmod from root:root resp. 0600) is safe if we ever include private key material in there too.
* tests/cert-install: Include tests for failing chown(2).Guilhem Moulin2021-02-241
| | | | Due to unknown user/group name.
* tab damageGuilhem Moulin2021-02-241
|
* typofixGuilhem Moulin2021-02-241
|
* Add test suite against Let's Encrypt's staging environment.Guilhem Moulin2021-02-201
https://letsencrypt.org/docs/staging-environment/
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-04 23:13:18 +0000