Age | Commit message (Collapse) | Author | |
---|---|---|---|
2017-01-23 | Remove incomplete "forced nexthop" support. | Jeremie Courreges-Anglas | |
Discussed with claudio@ | |||
2017-01-21 | Use MD disklabel position. | Martin Natano | |
2017-01-21 | tweak previous; | Jason McIntyre | |
2017-01-21 | find the first authority works better this way, now that we use a tailq | Sebastian Benoit | |
ok florian@ | |||
2017-01-21 | move config data structures mostly to TAILQs, because that way we | Sebastian Benoit | |
preserve order. ok florian@ | |||
2017-01-21 | it is ok to only specify a full chain certificate | Florian Obser | |
OK benno | |||
2017-01-21 | updated include paths for recently moved virtio stuff | Mike Larkin | |
2017-01-21 | dont print config if its broken | Sebastian Benoit | |
ok florian@ | |||
2017-01-21 | it's chain certificate not certificate chain | Florian Obser | |
2017-01-21 | Enforce minimum config in the parser. | Florian Obser | |
Based on a diff by & OK benno@ | |||
2017-01-21 | Switch include of virtio header from dev/pci/ to dev/pv/ | Reyk Floeter | |
2017-01-21 | The POSIX APIs that that sockaddrs all ignore the s*_len field in the | Philip Guenther | |
incoming socket, so userspace doesn't need to set it unless it has its own reasons for tracking the size along with the sockaddr. ok phessler@ deraadt@ florian@ | |||
2017-01-21 | Having a 'case 256:' in a switch (<uchar>) {} is bad on principle | Kenneth R Westerback | |
and makes gcc unhappy. In-line the single use #define, eliminate the 256: case and remove a now unneeded local variable. ok guenther@ | |||
2017-01-21 | Improve Documentation | Sebastian Benoit | |
ok florian | |||
2017-01-21 | add option 'domain full chain certificate "path"', | Sebastian Benoit | |
revokation works, the fullchain file will be unlinked. ok florian | |||
2017-01-21 | document default challengedir "/var/www/acme" | Sebastian Benoit | |
2017-01-21 | see also acme-client.conf(5) suggested by millert and Raf Czlonka | Sebastian Benoit | |
ok florian | |||
2017-01-21 | Implement domain chain certificate. | Florian Obser | |
OK benno | |||
2017-01-21 | Split certificate file from config file into certdir and certfile. | Florian Obser | |
This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem". Writing of chain.pem and fullchain.pem is currently broken with this. OK benno | |||
2017-01-21 | remove unused vars; OK benno | Florian Obser | |
2017-01-21 | Remove backup option. This is not acme-client's business; also it gets | Florian Obser | |
in the way. OK benno | |||
2017-01-21 | We are only dealing with one domain on the command line | Florian Obser | |
OK benno | |||
2017-01-21 | Accommodate gcc's suggestion that assignments used as truth values | Kenneth R Westerback | |
should be enclosed in parentheses. ok deraadt@ | |||
2017-01-21 | typo; ok benno | Florian Obser | |
2017-01-21 | kill remote with fire, we need to handle this differently | Florian Obser | |
OK benno | |||
2017-01-21 | typo; ok benno | Florian Obser | |
2017-01-21 | acme-client use configuration file [5 of 5] | Sebastian Benoit | |
implement new -n option to check and print configuration ok florian | |||
2017-01-21 | acme-client use configuration file [4 of 5] | Sebastian Benoit | |
fix getopt() ok florian | |||
2017-01-21 | acme-client use configuration file [3 of 5] | Sebastian Benoit | |
change command line options: n -> A new Account key N -> D new Domain key With this acme-client has these main usage patterns: * create new Account Key and Domain Key and get a certificate: acme-client -A -D www.example.com * renew certificate: acme-client www.example.com * revoke certificate: acme-client -r www.example.com ok florian | |||
2017-01-21 | acme-client use configuration file [2 of 5] | Sebastian Benoit | |
- add challengedir option to config file - remove -C option from command line ok florian | |||
2017-01-21 | acme-client use configuration file [1 of 5] | Sebastian Benoit | |
start using the configuration file and delete command line arguments: -a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name" new argument: -f configfile the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way. This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead. ok florian | |||
2017-01-21 | Nuke whitespace foolish enough to expose itself during the great | Kenneth R Westerback | |
"warning:" rectification. | |||
2017-01-20 | work on making log.c similar in all daemons: | Sebastian Benoit | |
reduce the (mostly whitespace) differences so that log.c's can be diffed easily. need to set verbose in main() when option -d is used. ok florian@ | |||
2017-01-20 | work on making log.c similar in all daemons: | Sebastian Benoit | |
reduce the (mostly whitespace) differences so that log.c's can be diffed easily. disclaimer change ok henning@. ok krw@ jmatthew@ | |||
2017-01-20 | work on making log.c similar in all daemons: | Sebastian Benoit | |
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily. removal of log_rtmsg() aproved by claudio@ ok claudio@ krw@ | |||
2017-01-20 | unbreak tree | Sebastian Benoit | |
2017-01-20 | work on making log.c similar in all daemons: | Sebastian Benoit | |
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily. ok krw@ jmatthew@ | |||
2017-01-20 | Correctly list all libraries required. | Theo de Raadt | |
2017-01-20 | Another ip_ipsp.h missing, found by krw@ | Claudio Jeker | |
2017-01-20 | Because of pfsync this needs ip_ipsp.h. Missed in the pfsockaddr_union cleanup. | Claudio Jeker | |
Found by krw@ | |||
2017-01-20 | Oops. one "error(NONFATAL,..." got flipped to "error(...)" instead | Kenneth R Westerback | |
of "warning(...)". Spotted by & ok procter@ | |||
2017-01-20 | In "%.*s" the * takes (int). gcc whines if you try to use the result | Kenneth R Westerback | |
of pointer subtraction without a cast. So cast those expressions to (int). Switch one local variable to the same type as the parameter it is compared to. ok deraadt@ guenther@ beck@ | |||
2017-01-20 | Split error() into error() and warn() so that error() can be marked | Kenneth R Westerback | |
__dead and thus let gcc sleep at night. ok tb@ beck@ | |||
2017-01-20 | add logging messages to distinguish which safty check failed | Peter Hessler | |
2017-01-20 | Mark functions that do not return as __dead to quiet gcc warnings. | Kenneth R Westerback | |
ok beck@ | |||
2017-01-19 | Simplify: bundle stripcom(). | Antoine Jacoutot | |
2017-01-19 | /etc/mirror.conf -> /etc/installurl | Antoine Jacoutot | |
discussed with deraadt@ beck@ rpe@ | |||
2017-01-19 | Export the host time to the guest, add it as a timedelta sensor in vmmci(4) | Reyk Floeter | |
OK kettenis@ mlarkin@ | |||
2017-01-19 | ls_missing(): as a precaution, don't output anything on stdout when running | Antoine Jacoutot | |
ftp(1) to prevent corrupting the patch list; we are already running in silent mode but better safe than sorry. Read the syspatch mirror base URL using stripcom() /etc/mirror.conf for the time being; discussed with deraadt@ and rpe@ -- naming is not set in stone yet. | |||
2017-01-19 | Use the _syspatch user. | Antoine Jacoutot | |