on ~graywolf/acme-client-portable
REPORTED RESOLVED FIXED
Comment by ~graywolf on ~graywolf/acme-client-portable
Hello, first, let me say that I'm sorry for taking so long. However, since it was working for you, and I have been crazy busy at work, I sadly did not manage to get to this sooner.
It's unclear whether --with-libtls replaces or adds to --with-openssl. I had to specify both for configure to work. May I suggest making --with-libtls a full alternative to --with-openssl, with a directory indication? --with-libtls=libresslbasedir
Since libtls can be used with openssl, making those options exclusive would not work I think. However I've tried to improve (well, more like add :) ) documentation, so please check if it is sufficiently documented now.
Reliance on pkg-config. Some systems (including mine) don't have pkg-config, so I had to specify LIBTLS_CFLAGS and LIBTLS_LIBS by hand. It's fine; but it needs to be documented. The way I made it work, the build had "-lssl -lcrypto -ltls -lssl -lcrypto" as its final LIBS, which kinda works but is suboptimal ^^
I've moved libtls over to same script as openssl detection. That does use pkg-config, but accepts explicit path and checks default ones if pkg-config cannot be used. Also now both libraries are configured the same way, which is probably better anyway. I've also documented the lookup order, I hope that should help.
The software relies on sys/queue.h, which is not standard. glibc provides it, but not musl; I had to fish out a sys/queue.h implementation manually. In order to make acme-client-portable really portable, I think it should provide its own sys/queue.h :-) (this problem already happened on 1.2.0, I think, but I'm using the opportunity to report it here.)
True, looking back at it it's not worth it to require user to provide the header, since it is self-contained. The build still checks if bsd/sys/queue.h is present, but if not, it falls back to vendored one.
Hope this helps, and even if you don't fix the small annoyances above, I was able to make it work, so, thanks!
I've created a proper -rc1[0] this time, would appreciate if you would find a time to give it a spin, both for functionality and for the documentation. I would like to do the release at latest by end of month, so feel free to take your time if necessary.
0: https://data.wolfsden.cz/sources/acme-client-1.3.0-rc1.tar.gz sha256sum: 02dc12880669a6cd948e20747cabe21e5a8be60dd9f1dd7c8fae33c9830b2b69
up-for-grabs removed by ~graywolf on ~graywolf/acme-client-portable
Comment by ~graywolf on ~graywolf/acme-client-portable
Patch accepted upstream, will be present in 1.3.
REPORTED RESOLVED FIXED
Comment by ~graywolf on ~graywolf/acme-client-portable
While I do not share your opinion, I kinda understand. I've packaged current master here [0]. Please ignore the version number in the name, it is not a final release, I've just run make dist on the master branch that already has the version bumped.
If you are paranoid here is a checksum:
+ $ sha256sum acme-client-1.3.0.tar.gz 0b25b31ac4e4f3479e7cf3534ba5ad124519c5dd43afb07d20e4905547f9ecf4 acme-client-1.3.0.tar.gzI appreciate your help with testing this.
Comment by ~graywolf on ~graywolf/acme-client-portable
I would love to see a version of acme-client using LibreSSL, unchanged except for the removal of OpenBSD-specific calls.
With the --with-libtls you should be basically getting this. Minimal changes possible (or realistic).
Comment by ~graywolf on ~graywolf/acme-client-portable
Hello,
sorry for taking so long to get back to you. Could you please try current master? In order to use tls from libressl (which you likely want), pass --with-libtls to the configure script.
Based on my testing it should work with libressl now. So please give it a shot.
If it is fine I will release 1.3.0 which will contain some more bug fixes.
~graywolf assigned ~graywolf to #8 on ~graywolf/acme-client-portable
Ticket created by ~graywolf on ~graywolf/acme-client-portable
As comment says:
The url must be formatted as schema://address[/stuff].So try to improve that.