~graywolf/acme-client-portable

Merge branch 'openbsd'
Sync openbsd branch
Make a few error messages match the actually failing function.
679be5b2 — jsing 29 days ago
Set the X.509 request version number.

Rather than assuming the default value from X509_REQ_new(), explicitly
set
the X.509 request version number to zero.

ok tb@
Release 1.3.1
Run tests against libressl 3.5.3
Run tests on stable alpine as well
2b758c07 — Ruud van Asseldonk 2 months ago
Fix compatibility with LibreSSL 3.5

LibreSSL 3.5 supports the same interface as OpenSSL. This breaks
compatibility with LibreSSL 3.4, which does not support this interface,
but if you are using a recent acme-client, you should probably also be
using a recent LibreSSL.
Merge branch 'openbsd'
Sync openbsd branch
f6a8401a — florian 4 months ago
Check that the challenge token which is turned into a filename is
base64url encoded. We have only the challenge directory unveil(2)'ed so
funny business like ../ will not work, but we shouldn't generate
garbage filenames that someone else might trip over either. Pointed out
and diff by Ali Farzanrad (ali_farzanrad AT riseup.net) OK beck
Plug leak in ec_key_create()

EVP_PKEY_set1_EC_KEY() bumps the refcount of eckey, so eckey won't be
freed at the end of keyproc() or acctproc(), which means that secrets
aren't wiped. Move EC_KEY_free() to the out label, so that the refcount
is decremented or the key freed, as appropriate.

tested/ok claudio
whitespace/KNF
acme-client: only warn on PEM_write_ECPrivateKey() failure instead of
everytime ec_create_key() is called.

From wolf at wolfsden dot cz

ok florian
Run nginx test server on localhost only

Previously nginx would bind to all interfaces, including public ones.
Release 1.3.0
Merge branch 'openbsd'
Sync openbsd branch
625d77a5 — deraadt 8 months ago
the wrapped cron line is going to lose people
Add script to check release tarball

It is necessary to validate, that the released tarball actually contains
everything necessary to compile the program without any additional
dependencies (for example bison). This script can be used to take any
tarball for a spin using the sr.ht's build jobs.
Next