~graywolf

Trackers

~graywolf/acme-client-portable

Last active 3 months ago

~graywolf/vim-hanami

Last active 9 months ago

~graywolf/terraform-provider-vpsadmin

Last active 9 months ago

~graywolf/repro-279

Last active 9 months ago

~graywolf/pyicmp

Last active 9 months ago

~graywolf/pmount

Last active 9 months ago

~graywolf/mkinitfs

Last active 9 months ago

~graywolf/mass_renamer

Last active 9 months ago

~graywolf/gomemcache

Last active 9 months ago

~graywolf/gbook

Last active 9 months ago
View more

#5 Segfaults in keyproc and netproc 3 months ago

on ~graywolf/acme-client-portable

REPORTED RESOLVED FIXED

#5 Segfaults in keyproc and netproc 4 months ago

Comment by ~graywolf on ~graywolf/acme-client-portable

Hello, first, let me say that I'm sorry for taking so long. However, since it was working for you, and I have been crazy busy at work, I sadly did not manage to get to this sooner.

It's unclear whether --with-libtls replaces or adds to --with-openssl. I had to specify both for configure to work. May I suggest making --with-libtls a full alternative to --with-openssl, with a directory indication? --with-libtls=libresslbasedir

Since libtls can be used with openssl, making those options exclusive would not work I think. However I've tried to improve (well, more like add :) ) documentation, so please check if it is sufficiently documented now.

Reliance on pkg-config. Some systems (including mine) don't have pkg-config, so I had to specify LIBTLS_CFLAGS and LIBTLS_LIBS by hand. It's fine; but it needs to be documented. The way I made it work, the build had "-lssl -lcrypto -ltls -lssl -lcrypto" as its final LIBS, which kinda works but is suboptimal ^^

I've moved libtls over to same script as openssl detection. That does use pkg-config, but accepts explicit path and checks default ones if pkg-config cannot be used. Also now both libraries are configured the same way, which is probably better anyway. I've also documented the lookup order, I hope that should help.

The software relies on sys/queue.h, which is not standard. glibc provides it, but not musl; I had to fish out a sys/queue.h implementation manually. In order to make acme-client-portable really portable, I think it should provide its own sys/queue.h :-) (this problem already happened on 1.2.0, I think, but I'm using the opportunity to report it here.)

True, looking back at it it's not worth it to require user to provide the header, since it is self-contained. The build still checks if bsd/sys/queue.h is present, but if not, it falls back to vendored one.

Hope this helps, and even if you don't fix the small annoyances above, I was able to make it work, so, thanks!

I've created a proper -rc1[0] this time, would appreciate if you would find a time to give it a spin, both for functionality and for the documentation. I would like to do the release at latest by end of month, so feel free to take your time if necessary.

0: https://data.wolfsden.cz/sources/acme-client-1.3.0-rc1.tar.gz sha256sum: 02dc12880669a6cd948e20747cabe21e5a8be60dd9f1dd7c8fae33c9830b2b69

#5 Segfaults in keyproc and netproc 4 months ago

up-for-grabs removed by ~graywolf on ~graywolf/acme-client-portable

#7 SAN is not always generated 4 months ago

Comment by ~graywolf on ~graywolf/acme-client-portable

Patch accepted upstream, will be present in 1.3.

REPORTED RESOLVED FIXED

#5 Segfaults in keyproc and netproc 8 months ago

Comment by ~graywolf on ~graywolf/acme-client-portable

While I do not share your opinion, I kinda understand. I've packaged current master here [0]. Please ignore the version number in the name, it is not a final release, I've just run make dist on the master branch that already has the version bumped.

If you are paranoid here is a checksum:

+   $ sha256sum acme-client-1.3.0.tar.gz
0b25b31ac4e4f3479e7cf3534ba5ad124519c5dd43afb07d20e4905547f9ecf4  acme-client-1.3.0.tar.gz

I appreciate your help with testing this.

0: https://data.wolfsden.cz/tmp/acme-client-1.3.0.tar.gz

#5 Segfaults in keyproc and netproc 8 months ago

Comment by ~graywolf on ~graywolf/acme-client-portable

I would love to see a version of acme-client using LibreSSL, unchanged except for the removal of OpenBSD-specific calls.

With the --with-libtls you should be basically getting this. Minimal changes possible (or realistic).

#5 Segfaults in keyproc and netproc 8 months ago

Comment by ~graywolf on ~graywolf/acme-client-portable

Hello,

sorry for taking so long to get back to you. Could you please try current master? In order to use tls from libressl (which you likely want), pass --with-libtls to the configure script.

Based on my testing it should work with libressl now. So please give it a shot.

If it is fine I will release 1.3.0 which will contain some more bug fixes.

#6 Macros are not working 8 months ago

on ~graywolf/acme-client-portable

REPORTED RESOLVED FIXED

#8 URL does not allow port 8 months ago

~graywolf assigned ~graywolf to #8 on ~graywolf/acme-client-portable

#8 URL does not allow port 8 months ago

Ticket created by ~graywolf on ~graywolf/acme-client-portable

As comment says:

The url must be formatted as schema://address[/stuff].

So try to improve that.