summaryrefslogtreecommitdiff
path: root/usr.sbin
AgeCommit message (Collapse)Author
2017-01-23Remove incomplete "forced nexthop" support.Jeremie Courreges-Anglas
Discussed with claudio@
2017-01-21Use MD disklabel position.Martin Natano
2017-01-21tweak previous;Jason McIntyre
2017-01-21find the first authority works better this way, now that we use a tailqSebastian Benoit
ok florian@
2017-01-21move config data structures mostly to TAILQs, because that way weSebastian Benoit
preserve order. ok florian@
2017-01-21it is ok to only specify a full chain certificateFlorian Obser
OK benno
2017-01-21updated include paths for recently moved virtio stuffMike Larkin
2017-01-21dont print config if its brokenSebastian Benoit
ok florian@
2017-01-21it's chain certificate not certificate chainFlorian Obser
2017-01-21Enforce minimum config in the parser.Florian Obser
Based on a diff by & OK benno@
2017-01-21Switch include of virtio header from dev/pci/ to dev/pv/Reyk Floeter
2017-01-21The POSIX APIs that that sockaddrs all ignore the s*_len field in thePhilip Guenther
incoming socket, so userspace doesn't need to set it unless it has its own reasons for tracking the size along with the sockaddr. ok phessler@ deraadt@ florian@
2017-01-21Having a 'case 256:' in a switch (<uchar>) {} is bad on principleKenneth R Westerback
and makes gcc unhappy. In-line the single use #define, eliminate the 256: case and remove a now unneeded local variable. ok guenther@
2017-01-21Improve DocumentationSebastian Benoit
ok florian
2017-01-21add option 'domain full chain certificate "path"',Sebastian Benoit
revokation works, the fullchain file will be unlinked. ok florian
2017-01-21document default challengedir "/var/www/acme"Sebastian Benoit
2017-01-21see also acme-client.conf(5) suggested by millert and Raf CzlonkaSebastian Benoit
ok florian
2017-01-21Implement domain chain certificate.Florian Obser
OK benno
2017-01-21Split certificate file from config file into certdir and certfile.Florian Obser
This way we can still chroot to certdir but the the certificate file is not fixed to "cert.pem". Writing of chain.pem and fullchain.pem is currently broken with this. OK benno
2017-01-21remove unused vars; OK bennoFlorian Obser
2017-01-21Remove backup option. This is not acme-client's business; also it getsFlorian Obser
in the way. OK benno
2017-01-21We are only dealing with one domain on the command lineFlorian Obser
OK benno
2017-01-21Accommodate gcc's suggestion that assignments used as truth valuesKenneth R Westerback
should be enclosed in parentheses. ok deraadt@
2017-01-21typo; ok bennoFlorian Obser
2017-01-21kill remote with fire, we need to handle this differentlyFlorian Obser
OK benno
2017-01-21typo; ok bennoFlorian Obser
2017-01-21acme-client use configuration file [5 of 5]Sebastian Benoit
implement new -n option to check and print configuration ok florian
2017-01-21acme-client use configuration file [4 of 5]Sebastian Benoit
fix getopt() ok florian
2017-01-21acme-client use configuration file [3 of 5]Sebastian Benoit
change command line options: n -> A new Account key N -> D new Domain key With this acme-client has these main usage patterns: * create new Account Key and Domain Key and get a certificate: acme-client -A -D www.example.com * renew certificate: acme-client www.example.com * revoke certificate: acme-client -r www.example.com ok florian
2017-01-21acme-client use configuration file [2 of 5]Sebastian Benoit
- add challengedir option to config file - remove -C option from command line ok florian
2017-01-21acme-client use configuration file [1 of 5]Sebastian Benoit
start using the configuration file and delete command line arguments: -a agreement -> agreement url ... -c certdir -> domain certificate "path" -f accountkey -> account key "path" -k domainkey -> domain key "path" -s authority -> sign with "name" new argument: -f configfile the changes needed to use the new configuration are local to main.c for now. While the configuration could be passed directly to netproc(), keyproc() etc, the diff is smaller this way. This also removes the multidir (-m) mode for now - specify different paths in each domain {} block instead. ok florian
2017-01-21Nuke whitespace foolish enough to expose itself during the greatKenneth R Westerback
"warning:" rectification.
2017-01-20work on making log.c similar in all daemons:Sebastian Benoit
reduce the (mostly whitespace) differences so that log.c's can be diffed easily. need to set verbose in main() when option -d is used. ok florian@
2017-01-20work on making log.c similar in all daemons:Sebastian Benoit
reduce the (mostly whitespace) differences so that log.c's can be diffed easily. disclaimer change ok henning@. ok krw@ jmatthew@
2017-01-20work on making log.c similar in all daemons:Sebastian Benoit
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily. removal of log_rtmsg() aproved by claudio@ ok claudio@ krw@
2017-01-20unbreak treeSebastian Benoit
2017-01-20work on making log.c similar in all daemons:Sebastian Benoit
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily. ok krw@ jmatthew@
2017-01-20Correctly list all libraries required.Theo de Raadt
2017-01-20Another ip_ipsp.h missing, found by krw@Claudio Jeker
2017-01-20Because of pfsync this needs ip_ipsp.h. Missed in the pfsockaddr_union cleanup.Claudio Jeker
Found by krw@
2017-01-20Oops. one "error(NONFATAL,..." got flipped to "error(...)" insteadKenneth R Westerback
of "warning(...)". Spotted by & ok procter@
2017-01-20In "%.*s" the * takes (int). gcc whines if you try to use the resultKenneth R Westerback
of pointer subtraction without a cast. So cast those expressions to (int). Switch one local variable to the same type as the parameter it is compared to. ok deraadt@ guenther@ beck@
2017-01-20Split error() into error() and warn() so that error() can be markedKenneth R Westerback
__dead and thus let gcc sleep at night. ok tb@ beck@
2017-01-20add logging messages to distinguish which safty check failedPeter Hessler
2017-01-20Mark functions that do not return as __dead to quiet gcc warnings.Kenneth R Westerback
ok beck@
2017-01-19Simplify: bundle stripcom().Antoine Jacoutot
2017-01-19/etc/mirror.conf -> /etc/installurlAntoine Jacoutot
discussed with deraadt@ beck@ rpe@
2017-01-19Export the host time to the guest, add it as a timedelta sensor in vmmci(4)Reyk Floeter
OK kettenis@ mlarkin@
2017-01-19ls_missing(): as a precaution, don't output anything on stdout when runningAntoine Jacoutot
ftp(1) to prevent corrupting the patch list; we are already running in silent mode but better safe than sorry. Read the syspatch mirror base URL using stripcom() /etc/mirror.conf for the time being; discussed with deraadt@ and rpe@ -- naming is not set in stone yet.
2017-01-19Use the _syspatch user.Antoine Jacoutot