We need to be able to provide contact information to use the
buypass.com acme api.
From Bartosz Kuzma (bartosz.kuzma AT release11.com), thanks!
OK beck, deraadt

Allow to have multiple domain ... {} sextions with the same domain
name, by adding a new (optional) config option "domain name".
This can be used to create a rsa and an ecdsa key for the same domain

Allow to have multiple domain ... {} sextions with the same domain
name, by adding a new (optional) config option "domain name".
This can be used to create a rsa and an ecdsa key for the same domain
name.
The old domain name in the 'title' line continues to be used as domain
name in the abscence of the domain name argument, i.e. the change is
backward compatible with current config files.
tested by sthen@
ok florian@ sthen@

show more ...

Implement elliptic curve account keys.
OK benno
Input & OK tb

Track key type (RSA or ECDSA) in an enum and clean up a bit while here.
Originaly from Renaud Allard following input from benno, tweaked by me.
OK benno

use acme-client to sign certificated with ecdsa keys

diff from Renaud Allard <renaud@allard.it>, ok to get in from florian@

Remove A and D flag, they are superfluous.
One could always use them on the command line and acme-client would do
the right thing.

lenght->length, mostly in comments

Deprecate agreement url config option and get the information from the
directory call. This way we don't need to update the acme-client.conf
file every time it changes. Still parse the option, ignore

Deprecate agreement url config option and get the information from the
directory call. This way we don't need to update the acme-client.conf
file every time it changes. Still parse the option, ignore and warn about
it for a release. Sysmerge should be able to handle the removal.
"nice" deraadt@
OK benno

show more ...

move config data structures mostly to TAILQs, because that way we
preserve order.

ok florian@

add option 'domain full chain certificate "path"',
revokation works, the fullchain file will be unlinked.

ok florian

Implement domain chain certificate.
OK benno

acme-client use configuration file [5 of 5]
implement new -n option to check and print configuration

ok florian

acme-client use configuration file [2 of 5]

- add challengedir option to config file
- remove -C option from command line

ok florian

acme-client use configuration file [1 of 5]

start using the configuration file and delete command line arguments:

-a agreement -> agreement url ...
-c certdir -> domain certificate "path"
-

acme-client use configuration file [1 of 5]

start using the configuration file and delete command line arguments:

-a agreement -> agreement url ...
-c certdir -> domain certificate "path"
-f accountkey -> account key "path"
-k domainkey -> domain key "path"
-s authority -> sign with "name"

new argument:
-f configfile

the changes needed to use the new configuration are local to main.c for now.
While the configuration could be passed directly to netproc(), keyproc() etc,
the diff is smaller this way.

This also removes the multidir (-m) mode for now - specify different paths in
each domain {} block instead.

ok florian

show more ...

add a config file parser to acme-client (unused at the moment, so that
it can be worked on in the tree).
ok florian@ deraadt@