From: Florian Obser <florian@openbsd.org>
Subject: Re: acme-client: add challenge hook to support dns-01
To: ports@openbsd.org
Date: Wed, 21 Feb 2024 09:03:00 +0100

On 2024-02-20 22:32 +01, Christopher Zimmermann <chrisz@openbsd.org> wrote:
> Hi,
>
> this diff adds a challenge hook to acme-client. This hook can be used
> to fulfill challenges. For example by putting the requested files onto
> a remote http server (http-01 challenge) or by modifying dns records
> (dns-01 challenge). The latter are needed to obtain wildcard
> certificates.
> Is this diff ok? Is the design of the hook interface sane? Any
> feedback is welcome.
>

I'm not convinced passing random crap coming from the internet to a
shell script running as root is a good idea.

>
> Christopher
>
>

-- 
In my defence, I have been left unsupervised.
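
The concern raised in the reply above, as an added example that is not part of the thread or of acme-client: one way to constrain server-supplied challenge data before it reaches a hook is to enforce the RFC 8555 token alphabet and pass the values as separate argv elements instead of through a shell. The function names, the `hook <type> <token>` argument layout and the `TOKEN_MAX` cap are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>

#define TOKEN_MIN 22   /* 128 bits in base64url needs at least 22 characters */
#define TOKEN_MAX 256  /* constructed cap for this example; not from the RFC */

/* RFC 8555 section 8: tokens use only the base64url alphabet, no '=' padding. */
static int
is_b64url(unsigned char c)
{
	return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
	    (c >= '0' && c <= '9') || c == '-' || c == '_';
}

/* Length is passed explicitly so an embedded NUL from the JSON body is rejected. */
int
token_ok(const char *tok, size_t len)
{
	size_t i;

	if (tok == NULL || len < TOKEN_MIN || len > TOKEN_MAX)
		return 0;
	for (i = 0; i < len; i++)
		if (!is_b64url((unsigned char)tok[i]))
			return 0;
	return 1;
}

/* Only the two challenge types named in the thread are accepted. */
int
type_ok(const char *type)
{
	return type != NULL &&
	    (strcmp(type, "http-01") == 0 || strcmp(type, "dns-01") == 0);
}

/*
 * Fill argv for execv(2) of a hypothetical hook: hook <type> <token>.
 * Returns 0 on success, -1 if any server-supplied value fails validation.
 * No shell is involved, so the values are never parsed as commands.
 */
int
build_hook_argv(const char *hook, const char *type, const char *tok,
    const char *argv[4])
{
	if (hook == NULL || !type_ok(type) || tok == NULL ||
	    !token_ok(tok, strlen(tok)))
		return -1;
	argv[0] = hook;
	argv[1] = type;
	argv[2] = tok;
	argv[3] = NULL;
	return 0;
}
```

Because an accepted token contains only `[A-Za-z0-9_-]`, it stays inert even if the hook script expands it unquoted; anything else the hook receives needs the same treatment.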