-rw-r--r-- | usr.sbin/acme-client/acme-client.1 | 5 | ||||
-rw-r--r-- | usr.sbin/acme-client/acme-client.conf.5 | 15 | ||||
-rw-r--r-- | usr.sbin/acme-client/main.c | 22 | ||||
-rw-r--r-- | usr.sbin/acme-client/parse.h | 3 | ||||
-rw-r--r-- | usr.sbin/acme-client/parse.y | 15 |
5 files changed, 32 insertions, 28 deletions
diff --git a/usr.sbin/acme-client/acme-client.1 b/usr.sbin/acme-client/acme-client.1
index 81a77ec4e6a..489ee2f30a9 100644
--- a/usr.sbin/acme-client/acme-client.1
+++ b/usr.sbin/acme-client/acme-client.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: acme-client.1,v 1.12 2017/01/21 08:41:42 benno Exp $
+.\" $OpenBSD: acme-client.1,v 1.13 2017/01/21 08:43:09 benno Exp $
 .\"
 .\" Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
 .\"
@@ -23,7 +23,6 @@
 .Sh SYNOPSIS
 .Nm acme-client
 .Op Fl bFNnrv
-.Op Fl C Ar challengedir
 .Op Fl f Ar configfile
 .Ar domain
 .Sh DESCRIPTION
@@ -49,8 +48,6 @@ is the current Epoch.
 Any given backup uses the same Epoch time for all three certificates.
 If there are no certificates in place, this option does nothing.
-.It Fl C Ar challengedir
-The directory to register challenges.
 .It Fl F
 Force updating the certificate signature even if it's too soon.
 .It Fl f Ar configfile
diff --git a/usr.sbin/acme-client/acme-client.conf.5 b/usr.sbin/acme-client/acme-client.conf.5
index 1883fb0e5ff..d06bac4c0e8 100644
--- a/usr.sbin/acme-client/acme-client.conf.5
+++ b/usr.sbin/acme-client/acme-client.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: acme-client.conf.5,v 1.2 2016/09/18 21:53:41 jmc Exp $
+.\" $OpenBSD: acme-client.conf.5,v 1.3 2017/01/21 08:43:09 benno Exp $
 .\"
 .\" Copyright (c) 2005 Esben Norby <norby@openbsd.org>
 .\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
@@ -17,7 +17,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 18 2016 $
+.Dd $Mdocdate: January 21 2017 $
 .Dt ACME-CLIENT.CONF 5
 .Os
 .Sh NAME
@@ -123,18 +123,21 @@ The private key file for which the certificate will be obtained.
 .It Ic domain certificate Ar file
 The filename of the certificate that will be issued.
 .It Ic sign with Ar authority
-the certificate authority (as declared above in the
+The certificate authority (as declared above in the
 .Sx AUTHORITIES
 section) to use for this domain is selected.
+.It Ic challengedir Ar path
+The directory in which the challenge file will be stored.
 .El
 .Pp
 An example domain declaration looks like this:
 .Bd -literal -offset indent
 domain example.com {
-	alternative names { secure.example.com }
-	domain key /etc/ssl/private/example.com.key
-	domain certificate /etc/ssl/example.com.crt
+	alternative names { secure.example.com www.example.com }
+	domain key "/etc/ssl/private/example.com.key"
+	domain certificate "/etc/ssl/example.com.crt"
 	sign with letsencrypt
+	challengedir "/var/www/acme"
 }
 .Ed
 .Sh FILES
diff --git a/usr.sbin/acme-client/main.c b/usr.sbin/acme-client/main.c
index 9c62ca7ebbd..14f355a35b8 100644
--- a/usr.sbin/acme-client/main.c
+++ b/usr.sbin/acme-client/main.c
@@ -1,4 +1,4 @@
-/* $Id: main.c,v 1.15 2017/01/21 08:41:42 benno Exp $ */
+/* $Id: main.c,v 1.16 2017/01/21 08:43:09 benno Exp $ */
 /*
  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -54,16 +54,11 @@ main(int argc, char *argv[])
 	struct domain_c *domain = NULL;
 	struct altname_c *ac;
 
-	while (-1 != (c = getopt(argc, argv, "bFnNrvf:C:")))
+	while (-1 != (c = getopt(argc, argv, "bFnNrvf:")))
 		switch (c) {
 		case 'b':
 			backup = 1;
 			break;
-		case 'C':
-			free(chngdir);
-			if (NULL == (chngdir = strdup(optarg)))
-				err(EXIT_FAILURE, "strdup");
-			break;
 		case 'f':
 			if (NULL == (conffile = strdup(optarg)))
 				err(EXIT_FAILURE, "strdup");
@@ -141,8 +136,10 @@ main(int argc, char *argv[])
 		/* XXX replace with existance check in parse.y */
 		err(EXIT_FAILURE, "no account key in config?");
 	}
-	if (NULL == chngdir)
+	if (domain->challengedir == NULL)
 		chngdir = strdup(WWW_DIR);
+	else
+		chngdir = domain->challengedir;
 
 	if (NULL == chngdir)
 		err(EXIT_FAILURE, "strdup");
@@ -170,7 +167,7 @@ main(int argc, char *argv[])
 	}
 
 	if (-1 == access(chngdir, R_OK)) {
-		warnx("%s: -C directory must exist", chngdir);
+		warnx("%s: challenge directory must exist", chngdir);
 		ne++;
 	}
 
@@ -397,16 +394,11 @@ main(int argc, char *argv[])
 	    checkexit(pids[COMP_DNS], COMP_DNS) +
 	    checkexit(pids[COMP_REVOKE], COMP_REVOKE);
 
-	free(acctkey);
-	free(chngdir);
 	free(alts);
 	return (COMP__MAX != rc ? EXIT_FAILURE : (2 == c ? EXIT_SUCCESS : 2));
 
 usage:
 	fprintf(stderr,
-	    "usage: acme-client [-bFnNrv] [-C challengedir]\n"
-	    " [-f file] domain\n");
-	free(acctkey);
-	free(chngdir);
+	    "usage: acme-client [-bFnNrv] [-f file] domain\n");
 	return (EXIT_FAILURE);
 }
diff --git a/usr.sbin/acme-client/parse.h b/usr.sbin/acme-client/parse.h
index c5d3b65d596..2f89420e646 100644
--- a/usr.sbin/acme-client/parse.h
+++ b/usr.sbin/acme-client/parse.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.h,v 1.2 2017/01/21 08:41:42 benno Exp $ */
+/* $OpenBSD: parse.h,v 1.3 2017/01/21 08:43:09 benno Exp $ */
 /*
  * Copyright (c) 2016 Sebastian Benoit <benno@openbsd.org>
  *
@@ -43,6 +43,7 @@ struct domain_c {
 	char *key;
 	char *cert;
 	char *auth;
+	char *challengedir;
 };
 
 struct altname_c {
diff --git a/usr.sbin/acme-client/parse.y b/usr.sbin/acme-client/parse.y
index d46c1220476..49e2504a0f1 100644
--- a/usr.sbin/acme-client/parse.y
+++ b/usr.sbin/acme-client/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.5 2017/01/21 08:41:42 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.6 2017/01/21 08:43:09 benno Exp $ */
 /*
  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
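Review bot: After this hunk chngdir has two different owners: in the default branch it is a strdup() of WWW_DIR that nothing releases once the later hunk (`@@ -397,16 +394,11 @@`) drops `free(chngdir)`, while in the new else branch it borrows domain->challengedir, so whether the pointer may be freed depends on which branch ran. The copy of a compile-time string buys nothing; assuming chngdir is declared as a plain `char *` (its declaration is outside the hunk), `chngdir = domain->challengedir != NULL ? domain->challengedir : WWW_DIR;` removes the allocation, and the following `if (NULL == chngdir) err(EXIT_FAILURE, "strdup");` then has nothing left to report and can go too. The leak itself is at process exit and cosmetic, but asymmetric ownership of one variable is what turns into a double free or use-after-free on the next refactor. main() starts and ends outside the hunk.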
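Review bot: The check behind the reworded warnx, `if (-1 == access(chngdir, R_OK))`, still tests readability only, yet the acme-client.conf.5 hunk in this same commit documents challengedir as the directory in which the challenge file will be stored, so a directory that exists but cannot be written passes this startup check and fails later with a less helpful error; `access(chngdir, W_OK | X_OK)` would match the documented use. access(2) evaluates against the real uid, so if the file is written by a different process than the one running this check (I cannot tell from the hunk) the result stays a best-effort diagnostic rather than a guarantee. The mode predates the commit; only the message is new here.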
@@ -92,7 +92,7 @@ typedef struct {
 %}
 
 %token AUTHORITY AGREEMENT URL API ACCOUNT
-%token DOMAIN ALTERNATIVE NAMES CERT KEY SIGN WITH
+%token DOMAIN ALTERNATIVE NAMES CERT KEY SIGN WITH CHALLENGEDIR
 %token YES NO
 %token INCLUDE
 %token ERROR
@@ -298,6 +298,16 @@ domainoptsl : ALTERNATIVE NAMES '{' altname_l '}'
 			}
 			domain->auth = s;
 		}
+		| CHALLENGEDIR STRING {
+			char *s;
+			if (domain->challengedir != NULL) {
+				yyerror("duplicate challengedir");
+				YYERROR;
+			}
+			if ((s = strdup($2)) == NULL)
+				err(EXIT_FAILURE, "strdup");
+			domain->challengedir = s;
+		}
 		;
 
 altname_l : altname comma altname_l
@@ -366,6 +376,7 @@ lookup(char *s)
 		{"api", API},
 		{"authority", AUTHORITY},
 		{"certificate", CERT},
+		{"challengedir", CHALLENGEDIR},
 		{"domain", DOMAIN},
 		{"include", INCLUDE},
 		{"key", KEY},
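Review bot: The CHALLENGEDIR action stores $2 verbatim; nothing rejects an empty or relative value, and in the visible main.c hunks the only later check is access(), so a value such as `"www"` is resolved against whatever the working directory of acme-client happens to be when it is used. Since this directory is where the challenge file is written, requiring an absolute path at parse time keeps that location independent of how the program was launched: `if ($2[0] != '/') { yyerror("challengedir must be an absolute path"); YYERROR; }` placed before the strdup, mirroring the duplicate check. Whether $2 must also be freed after the copy follows the lexer contract used by the sign-with action above, which is outside the hunk.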