The `do` and (old) `yandex` providers got removed, but as their
endpoints have not been functional for a few years already, let's not care
for any backward compat here; they could not have been used anyway
for a while.
Otherwise we get a few new providers and fixes included.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
According to RFC 8555:
> The MAC key SHOULD be provided in base64url-encoded form...
However, currently we are only decoding the MAC key as base64.
This patch chooses the correct function to decode the user provided
MAC key. This can fix an authentication error when a user uses the command
`pvenode acme account register` and pastes the EAB MAC key as prompted.
Signed-off-by: YU Jincheng <shana@zju.edu.cn>
Tested-by: Folke Gleumes <f.gleumes@proxmox.com>
[ TL: fix typo in message, reword subject ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
added:
- artfiles
- bookmyname
- dnsexit
- tencent
The first one added a new false-positive where our heuristic matched
the "_acme-challenge " inside the sed arguments, but that clearly
isn't a function.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
noticed that _clearaccountconf_mutable is used in dns_cf.sh, but not
present (it gets masked since we provide _clearaccountconf)
tested with this example.
additionally update missing-functions.expected - _error is not
present in upstream `acme.sh` but used in dns_aws.sh (I expect an
error which is only hit very seldom)
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
there's a build cycle between proxmox-acme and pve-common, but proxmox-acme
only uses it for `make check`, so it's possible to break the cycle by using the
nocheck build profile when bootstrapping.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
the _isRSA one is used by the new yc plugin, but doesn't hurt much to
already include the very similar Ecc one too.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
as we only use a heuristic we maintain a known good expected false
positive list, update that if new ones get added but be sure that no
new function was included!
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
it's used by the dns_hetzner (and dns_nsd) plugins.
reported in our community-forum (and tested there as well):
https://forum.proxmox.com/threads/.105879/
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
a bit too weird of a place to configure this, especially as enabling it
does not guarantee any proxying if there's none.
This reverts commit e1088f616ffc73a96ee3433f0ea07639ef7513e7.
this patch adds an optional 'use-proxy' property to the dns
challenges.
If set to 1, the caller is expected to add the proxy url in the plugin
config, which is then set as the 'http_proxy' and 'https_proxy'
environment variables by the plugin caller (and then used by curl).
Tested with the pdns plugin, direct traffic to the pdns server being
dropped, and a configured squid proxy
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
we have some places where we just do not need the plugins and the
perl library has no hard dependency on the plugin stuff, http
challenge and acme protocol implementation are independent of those
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
not nice to die plainly on using this module (which can come in
indirectly/transitively), so let's better cope with that.
Nice side-effect, if nothing uses it, it won't get loaded, so less
IO and memory in that case.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
the current default chains end with an expired root certificate for
maximum compatibility with old Android versions. this breaks some other
older clients (openssl, gnutls) which don't expect chains to contain any
expired certificates, even if they are 'above' the trust anchor.
by setting $root, it is possible to specify which root the ACME provided
certificate chain should end with, downloading alternate chains as
necessary.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Commits ae3dda0f8fc3071495cd1e8dff0fe4a339febb1c and
d70b759cb9c5b413cce92e65e841a54a65813962
implementing retrying get and post requests seem worth pulling in.
From a quick look through the diff the remaining changes (between
2.9.0 and 3.0.0) should not be relevant for us
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>