Mailing List Archive | ports@openbsd.org

From:: Christopher Zimmermann <chrisz@openbsd.org>
Subject:: Re: acme-client: add challenge hook to support dns-01
To:: Evan Silberman <evan@jklol.net>
Cc:: Kristaps Dzonsons <kristaps@bsd.lv>, ports@openbsd.org
Date:: Thu, 22 Feb 2024 16:50:29 +0100

Download raw body.

Thread

2024-02-20 21:32 Christopher Zimmermann:
acme-client: add challenge hook to support dns-01
- 2024-02-20 22:45 Evan Silberman:
  acme-client: add challenge hook to support dns-01
- - 2024-02-22 15:50 Christopher Zimmermann:
    acme-client: add challenge hook to support dns-01
- 2024-02-21 08:03 Florian Obser:
  acme-client: add challenge hook to support dns-01
- - 2024-02-21 16:02 Theo de Raadt:
    acme-client: add challenge hook to support dns-01

On February 20, 2024 11:45:26 PM GMT+01:00, Evan Silberman <evan@jklol.net> wrote:
>
>Any example hook included should probably only use tools found in base, so it shouldn’t depend on curl.

I thought so, too. And it would be easy enough to replace curl by base ftp. But base ftp needs the URL (and therefore the password) passed via the commandline, which is an unsafe channel.

Any ideas how to pass passwords to ftp without revealing them to ps -ax ?

Christopher

2024-02-20 21:32 Christopher Zimmermann:
acme-client: add challenge hook to support dns-01
- 2024-02-20 22:45 Evan Silberman:
  acme-client: add challenge hook to support dns-01
- - 2024-02-22 15:50 Christopher Zimmermann:
    acme-client: add challenge hook to support dns-01
- 2024-02-21 08:03 Florian Obser:
  acme-client: add challenge hook to support dns-01
- - 2024-02-21 16:02 Theo de Raadt:
    acme-client: add challenge hook to support dns-01