Make a few error messages match the actually failing function.
Set the X.509 request version number.
Rather than assuming the default value from X509_REQ_new(), explicitly
the X.509 request version number to zero.
Run tests against libressl 3.5.3
Run tests on stable alpine as well
Fix compatibility with LibreSSL 3.5
LibreSSL 3.5 supports the same interface as OpenSSL. This breaks
compatibility with LibreSSL 3.4, which does not support this interface,
but if you are using a recent acme-client, you should probably also be
using a recent LibreSSL.
Check that the challenge token which is turned into a filename is
base64url encoded. We have only the challenge directory unveil(2)'ed so
funny business like ../ will not work, but we shouldn't generate
garbage filenames that someone else might trip over either. Pointed out
and diff by Ali Farzanrad (ali_farzanrad AT riseup.net) OK beck
Plug leak in ec_key_create()
EVP_PKEY_set1_EC_KEY() bumps the refcount of eckey, so eckey won't be
freed at the end of keyproc() or acctproc(), which means that secrets
aren't wiped. Move EC_KEY_free() to the out label, so that the refcount
is decremented or the key freed, as appropriate.
acme-client: only warn on PEM_write_ECPrivateKey() failure instead of
everytime ec_create_key() is called.
From wolf at wolfsden dot cz
Run nginx test server on localhost only
Previously nginx would bind to all interfaces, including public ones.
the wrapped cron line is going to lose people
Add script to check release tarball
It is necessary to validate, that the released tarball actually contains
everything necessary to compile the program without any additional
dependencies (for example bison). This script can be used to take any
tarball for a spin using the sr.ht's build jobs.