From a2e7dfe69b9b0470d79a8446ee57c123b802d529 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 2 Mar 2016 22:21:40 +0100
Subject: wibble
---
letsencrypt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'letsencrypt')
diff --git a/letsencrypt b/letsencrypt
index 23659d5..2b0249c 100755
--- a/letsencrypt
+++ b/letsencrypt
@@ -410,6 +410,8 @@ sub acme_client($@) {
 die "connect: $!"; }
+ # use execve(2) rather than a Perl pseudo-process to ensure that the
+ # child doesn't have access to the parent's memory
 my @fileno = map { fileno($_) =~ /^(\d+)$/ ? $1 : die } ($CONFFILE, $client); # untaint fileno
 spawn({%$args{qw/in out/}, child => sub() { drop_privileges($conf->{user}, $conf->{group}, $args->{chdir} // '/');
@@ -448,8 +450,6 @@ sub spawn($@) {
 } else { open STDOUT, '>', '/dev/null' or die "Can't open /dev/null: $!"; }
- # use execve(2) rather than a Perl pseudo-process to ensure that
- # the child doesn't have access to the parent's memory
 exec { $exec[0] } @exec or die; } push @CLEANUP, sub() {
--
cgit v1.2.3
From db187455ab02d725149a2ce0d5b9b1fb23d1de3c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sun, 27 Mar 2016 18:16:05 +0300
Subject: Change the default CA from LE's X1 to X3.
---
letsencrypt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'letsencrypt')
diff --git a/letsencrypt b/letsencrypt
index 2b0249c..d11b569 100755
--- a/letsencrypt
+++ b/letsencrypt
@@ -604,7 +604,7 @@ elsif ($COMMAND eq 'new-cert') {
 }; # verify certificate validity against the CA
- $conf->{CAfile} //= '/usr/share/letsencrypt-tiny/lets-encrypt-x1-cross-signed.pem';
+ $conf->{CAfile} //= '/usr/share/letsencrypt-tiny/lets-encrypt-x3-cross-signed.pem';
 if ($conf->{CAfile} ne '' and spawn({in => $x509}, 'openssl', 'verify', '-CAfile', $conf->{CAfile}, qw/-purpose sslserver -x509_strict/)) { print STDERR "[$s] Error: Received invalid X.509 certificate from ACME server!\n";
--
cgit v1.2.3
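Review bot: The relocated comment in the `acme_client` hunk now sits directly above the `my @fileno = ...` line, which carries its own `# untaint fileno` comment, so it reads as describing the untainting rather than the `spawn(...)` call that follows. Placing it immediately above `spawn({%$args{qw/in out/}, child => sub() {` would attach it to the call it justifies. The second hunk removes the rationale from the `exec { $exec[0] } @exec or die;` site in `spawn`, where the isolation is actually enforced; a one-line pointer there, such as `# execve(2), not a pseudo-process: see acme_client`, would keep it discoverable. The descriptors collected in `@fileno` are presumably the only state meant to cross the exec boundary, and the comment could say so. Both function bodies continue outside the hunks.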
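Review bot: The new default on the `$conf->{CAfile} //=` line still pins verification to a single intermediate file. A legitimate certificate issued under any other intermediate (X1 during the transition, or a later successor) would presumably be rejected with "Received invalid X.509 certificate from ACME server!". Consider defaulting to a bundle holding every intermediate the CA may sign with, e.g. `$conf->{CAfile} //= '<PATH_TO_CA_BUNDLE>.pem';` (placeholder path), so the next rotation needs no code change. The visible condition `$conf->{CAfile} ne ''` also skips the check entirely for an empty value without any message; a comment such as `# CAfile = '' disables validation of the issued certificate` would make that explicit. The enclosing `new-cert` branch starts and ends outside the hunk.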