Skip to content
This repository has been archived by the owner on Dec 1, 2018. It is now read-only.

Fix null pointer dereference #57

Open
wants to merge 275 commits into
base: master
Choose a base branch
from
Open

Fix null pointer dereference #57

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
275 commits
Select commit Hold shift + click to select a range
86f45d6
Consistency in naming "Let's Encrypt".
May 15, 2016
bab2fe5
Documents key bits.
May 15, 2016
8109309
Catch error return code.
May 15, 2016
d48cff6
Add more documentation.
May 15, 2016
2d9941c
More documentation.
May 15, 2016
4b35ee6
Properly catch when the challenge has been verified.
May 15, 2016
b9e9b61
Fix a segfault.
May 15, 2016
f21cf92
Function attributes for messages.
May 15, 2016
bbfe9e8
Add forgotten waitpid for COMP_FILE and add some readops to make sure…
May 15, 2016
d37b038
Reduce the number of pledges in chngproc.
May 15, 2016
8086e85
Continue minimising the pledges.
May 15, 2016
f134332
Drop privs in the correct order and make sure sys_signame is not used…
May 15, 2016
9be9762
Linux compatibility.
May 15, 2016
defd48c
Fully demonstrate that chroot doesn't work on Linux for netproc.
May 15, 2016
f7769cd
Catch __attribute__ warnings.
May 15, 2016
6150493
Documentation on Linux.
May 15, 2016
c607a4c
Fix for https://github.com/kristapsdz/letskencrypt/pull/1 posted by
May 15, 2016
aa54c64
Fix typo found by Anthony Bentley--thanks!
May 16, 2016
1a0c1c6
Initial check-in of a separate process for DNS management.
May 16, 2016
c7fe54d
Add the dnsproc manager. This was noted by deraadt@. This does noth…
May 16, 2016
fbb61dc
Push the DNS resolution into one function for clarity.
May 16, 2016
7d3bef6
Fix an off-by-one and also fix closing the DNS file descriptor.
May 16, 2016
8c5907e
Account key doesn't need read permissions.
May 16, 2016
d242836
Remove comment that no longer belongs.
May 16, 2016
8a15b7b
We don't close any fds before the out, so don't check them against -1.
May 16, 2016
4e2e765
Don't let the testing code make it out.
May 16, 2016
902ad76
Clean up the README.
May 16, 2016
2e35a5a
Update notes on dnsproc.
May 16, 2016
d029e6b
More documentation notes on why Linux and Mac OS X are a bad idea.
May 16, 2016
a257030
Fix CID 111100.
May 16, 2016
461f63e
Fix CID 111099.
May 16, 2016
e4c815d
Have dnsproc properly return (and not exit) like the other processes.
May 16, 2016
ebd9a02
Add a secret and undocumented feature that allows me to create files …
May 16, 2016
0104e58
Be more terse in the implementation notes.
May 16, 2016
8004fe8
Update README a bit.
May 16, 2016
951b70d
Add some media for the GH site and fix a mistake in the manpage.
May 16, 2016
2d0b65a
Have the keyproc and acctproc notify the netproc when they've started…
May 16, 2016
9d17692
Calm down people afraid of root.
May 16, 2016
906f3a4
Failing start-up for account or key proc doesn't error us.
May 16, 2016
ad7d32d
When closing out, close sockets first to cause depending processes to…
May 16, 2016
b273fe6
Continue to polish the documentation.
May 16, 2016
a5a2048
Initial steps of revocation. This is pretty straightforward.
May 16, 2016
a4df2d7
Continue making operations more semantically meaningful.
May 17, 2016
c8eb558
Continue cleaning up operations (in netproc).
May 17, 2016
bf0430d
Add in the initial framework for checking certificate revocation times.
May 17, 2016
29e09ef
Have chngproc's magic testing phase (which isn't an official option) not
May 17, 2016
0ec9c07
Check for expiration date of certificate, if found. This makes it po…
May 17, 2016
53dd33d
Re-add accidentally-removed check for certificate non-expiration.
May 17, 2016
3c39488
Plug still-open fd.
May 17, 2016
faad887
Add note on revokeproc to manpage.
May 17, 2016
25589ab
Finish the revocation function. Also, start to lay the groundwork for
May 18, 2016
00ac0ee
Split all sandbox operations into their own file. This is part of the
May 18, 2016
19f8977
Start stripping out compatibility, which is now in letskencrypt-porta…
May 18, 2016
81f3fe1
Clean up the Makefile now that we have less cruft.
May 18, 2016
15c992d
Add forgotten break statement.
May 18, 2016
09867e6
Catch buffers larger than BUFSIZ bytes.
May 18, 2016
71c2c96
Require OpenBSD >= 5.9.
May 18, 2016
5e38a61
Update the manpage with revocation instructions.
May 18, 2016
94cc8dd
Note that we now do revocation.
May 18, 2016
41c5b0d
FreeBSD nit. This will be smoothed out in subsequent improvement of …
May 18, 2016
b4a5683
Note -portable and FreeBSD.
May 18, 2016
e1d1716
Fix broken link.
May 18, 2016
91269ea
Move setresuid goop into -portable.
May 18, 2016
3407558
Start using setproctitle(). First step in kicking out dbg.c.
May 18, 2016
d973c78
Replace dowarnx() with warnx().
May 18, 2016
835718c
Kick out dowarn in favour of warn.
May 18, 2016
903c7ca
Remove all logging in favour of warnx et al.
May 18, 2016
9f78572
Use strsignal() instead of a hack.
May 18, 2016
5551e89
Allow overriding the priv-drop user.
May 18, 2016
b269c07
No functional change: just order getopt() parameters for easier search.
May 19, 2016
5e050ed
Push communication-related parameters into struct conn. Makes the co…
May 19, 2016
33a980f
Remove debugging message.
May 19, 2016
926105e
Significantly clean up the handling of HTTP document bodies: first, only
May 19, 2016
95275e5
Remove the coverity note (that's going into the -portable version).
May 19, 2016
2af2ca2
Forgot to close revokeproc channel.
May 19, 2016
53a95d8
Make filenames in debug messages more meaningful.
May 19, 2016
19088d1
Fix how SAN is registered with the key. In prior versions, we were h…
May 19, 2016
d69417e
Flip on real versus staging servers. bsd.lv is now eating its dogfood.
May 19, 2016
a321bc7
Document the -s flag.
May 19, 2016
a5c4bc5
We're no longer just using the staging server. Here we go!
May 19, 2016
cec0636
Have writeop, writestr, and writebuf all return -1 on failure, 0 on end
May 19, 2016
0ee1789
Have the writer functions notify us whether the reader has exited.
May 19, 2016
d276472
Have revokeproc properly handle the case where the reader fails.
May 19, 2016
4b0b857
Last nit: make writestr also be ok if the reader has exited.
May 19, 2016
c421f35
Have acctproc properly handle reader termination.
May 19, 2016
b6654d3
Rename label to "out" (consistency) and allow for reader failure.
May 19, 2016
453d15b
Convert certproc to ignore reader failure.
May 19, 2016
d36ad81
Convert chngproc to ignore reader failure.
May 19, 2016
8e48099
Strip out dot-file and www rule: this all goes into the letskencrypt-…
May 20, 2016
c5267a4
Pre-check that the files exist: no need to fork if we don't need to.
May 20, 2016
54adcdb
No need to have the dropfs, dropprivs, or sandbox functions double-re…
May 20, 2016
4340bc7
Fix typo.
May 20, 2016
a2d68ab
Fix erroneous check of realloc return value.
May 20, 2016
f32b54f
Forgotten PREFIX variable.
May 20, 2016
42bce5d
When we start up, check that the domains listed on the command-line are
May 20, 2016
5a44560
It's not clear whether the lengths returned by the BIO are
May 22, 2016
09e43fc
Add JSMN: https://github.com/zserge/jsmn.
May 22, 2016
509559a
Put license directly into jsmn.c and jsmn.h, just to be clear about it.
May 22, 2016
1498599
Kick out json-c in favour of jsmn (with an array->tree wrapper).
May 22, 2016
91690ff
Note use of MIT license in JSMN's files.
May 22, 2016
b34b4c6
Start to kick out libcurl with a small HTTP client originally inspire…
May 24, 2016
2b4e54c
Missing header for compilation.
May 24, 2016
b083193
Continue fleshing out http.h implementation.
May 24, 2016
84c2c3d
Have dnsproc transfer both the IP/IPv6 to netproc and also the family…
May 24, 2016
86e728b
Max the maximum DNS entries be globally known and also add the new dn…
May 24, 2016
d056be5
Stop using curl, and instead use the home-grown http.c and -tls.
May 24, 2016
ff24d77
Weaken TLS validation. Is this necessary?
May 24, 2016
c131cdc
Initial [working] removal of curl from netproc. This replaces the nr…
May 24, 2016
a72c2d5
Don't use strdup() for bodies--they can be binary.
May 24, 2016
f41a1c4
Fix lib.
May 24, 2016
7c57120
For the time being, allow tls_read/write to be ifdef'd for two different
May 24, 2016
66e24fc
Needed for compat glue.
May 24, 2016
3d99e52
Change feature test.
May 24, 2016
aaf86c7
Clean up the readme notes.
May 24, 2016
7173c93
Cache the last DNS response and return that, if the subsequent reques…
May 25, 2016
2ff999a
Make sure the connection is closed as soon as the body is read and also
May 25, 2016
2db9098
Have sreq and nreq return the HTTP error or -1, remove some debugging…
May 25, 2016
c9ba346
Fix scanning ahead for SAN DNS entries.
May 25, 2016
7d2c743
Figure out what tls_close does with the socket.
May 25, 2016
f44ab20
Try to close connection properly.
May 25, 2016
3065bb1
"Embrace the pledge".
May 26, 2016
e6aac4a
What's the point of dropping root privileges if root can't do anything?
May 26, 2016
3beb99e
Make the compiler happy.
May 26, 2016
b3c9da8
Rename chroot-pledge into util-pledge, which is more appropriate.
May 26, 2016
7ba526e
Fix usage. patch by Caspar Schutijser--thanks!
Jun 1, 2016
49cdc56
Remove comment about rename(2) (ack'd by deraadt@) and remove rpath from
Jun 1, 2016
afec6fc
Re-add chroot(2) for file process and challenge process. This is bec…
Jun 1, 2016
35ad88a
The user-drop now occurs only in the -portable code, so we don't want to
Jun 1, 2016
fdcc5de
Fix compilation.
Jun 1, 2016
b46de3f
Prune out setting a user: this is no longer necessary as all procs not
Jun 1, 2016
d7e7305
Remove implementation notes. Suggested by deraadt@ among others.
Jun 1, 2016
b97f3c1
Kick out a lot of old header files we don't use any more.
Jun 1, 2016
e98f885
Protect against zero-length read (EOF) freeing with the realloc. Fou…
Jun 2, 2016
9836e7e
Correct allocation size as noted by @kAworu in pull/2.
Jun 2, 2016
1369e48
Handle zero-length arrays and mark file-scoped function as static. The
Jun 2, 2016
93273c6
Fix an error-path memory leak and make more specific notes as to why
Jun 2, 2016
63e7773
Fix typo noted by @kAworu in https://github.com/kristapsdz/letskencry…
Jun 3, 2016
bd72caf
Remove dependency on RSA for account key. This is only the first ste…
Jun 3, 2016
45601bd
Require key to be RSA (for now). This builds on a patch submitted by
Jun 3, 2016
60bd7b0
Remove dependency on RSA for the domain key. This completely lifts the
Jun 3, 2016
2e6ce15
Be more specific about RSA-ness.
Jun 3, 2016
5729d35
Do what the documentation says regarding -v -v and dump buffers.
Jun 25, 2016
bfe292e
Introduce -m (not documented while I test it) that appends the initial
Jun 25, 2016
7ea8957
Don't modify the input buffer when tracing!
Jun 25, 2016
d37a399
Document multi-domain setup.
Jun 25, 2016
7846213
Initialise variable and also downgrade "cached" message to trace mode.
Jun 25, 2016
f58a62f
Memory leak in error path.
Jun 25, 2016
61ee3c2
Note RSA-specific functions as patched by Remco---thanks!
Jun 25, 2016
45c697e
Split out more RSA-specific functions, from a modified patch by Remco…
Jun 25, 2016
f08e3c9
Also move the key creation into an RSA-specific format, directly from a
Jun 25, 2016
5ebcadb
Update to note NetBSD.
Jun 28, 2016
035ecde
Have creation of account key be properly umasked. From a patch by Re…
Jun 28, 2016
c90ae85
Use isalnum instead of isalpha for domain name validation. Submitted by
Jul 2, 2016
d111e4c
OpenBSD 5.7 needs stdint.h for uintptr_t.
Jul 2, 2016
094535c
On OpenBSD 5.7, tls_read and family behave strangely: account for that.
Jul 2, 2016
bd3de43
Add some example usage.
Jul 10, 2016
e295cf8
Beginning of code to let the keyproc create a new RSA domain key. Th…
Jul 12, 2016
298a93a
Cosmetic fix.
Jul 12, 2016
96240a9
Move rsa key creation and loading into their own file (and header) for
Jul 12, 2016
78b8561
Adding key creation to keyproc.
Jul 12, 2016
aa93e17
Note domain key, not account key.
Jul 12, 2016
33f8fb1
Turn on domain key creation.
Jul 12, 2016
366b651
Add manual bits for -N, domain key registration.
Jul 12, 2016
6808685
Fix access invocation.
Jul 12, 2016
9acfbce
Silence a coverity issue. No logical change.
Jul 12, 2016
474a6fd
Add check for extended error code (i.e., exit status of 2).
Jul 13, 2016
6aaa883
Return a special error code when we update certificates.
Jul 13, 2016
5207e22
Fix usage message, fix error message to be a bit more useful (as note…
Jul 13, 2016
da11a12
Note new exit codes, change "mkdir -m" for mkdir and chmod (not all s…
Jul 13, 2016
d1f22f5
Fix example and reorder exit status documentation.
Jul 13, 2016
64cb509
When using -N or -n, try to open the key-file first, then only create it
Jul 16, 2016
7994647
Allow PATH_VAR_EMPTY to be overridden. Apparently not all systems ha…
Jul 16, 2016
563ba22
Properly check -n and -N existence in main.c, allowing them to propogate
Jul 16, 2016
8d18097
Initial backing-up of certificates.
Jul 28, 2016
4092dd3
Document backing up.
Jul 28, 2016
8cfee69
Adding override for agreement with -a flag. Noted (and partially pat…
Aug 6, 2016
0debf74
Allow overriding agreement and also update usage message.
Aug 6, 2016
fe24b17
Document -a.
Aug 6, 2016
6a0a3f5
Allow a fake-install prefix. From https://github.com/kristapsdz/lets…
Aug 6, 2016
a54458a
Merge https://github.com/kristapsdz/letskencrypt-portable/pull/6 -- t…
Aug 19, 2016
028b423
Initial support for the official "-t" option, which allows the caller to
Aug 22, 2016
7bbbf78
Have the pledge(2) sandbox accept an argument as to whether the chall…
Aug 22, 2016
846781c
Tweak documentation.
Aug 22, 2016
33c4b38
Add license (noted by florian@) and also note that letskencrypt is now
Aug 31, 2016
c3fb432
Typo noted by tj@. Thanks!
Aug 31, 2016
69ae73d
Initial steps in renaming to acme-client. This effort was triggered by
Sep 1, 2016
6985e81
Continue renaming and merge in some fixes suggested by Raf Czlonka--t…
Sep 1, 2016
1fc7d29
White-space fixes merged from downstream OpenBSD commits.
Sep 2, 2016
b1feb82
Continue merging white-space (and other misc.) fixes from downstream …
Sep 2, 2016
9d4655a
Ooops---add in lost comma.
Sep 2, 2016
69eaeec
Final raft of white-space changes from OpenBSD downstream.
Sep 2, 2016
093055d
Feature is now documented.
Sep 2, 2016
6f988e9
Use "acme" instead of "letsencrypt" in default paths. WARNING: IF YO…
Sep 3, 2016
583baab
Automatically create the -m directory if it does not exist and has no…
Sep 3, 2016
6133ea2
Fix https://github.com/kristapsdz/acme-client/pull/19 -- thanks!
Oct 29, 2016
da74d8c
Fix typos in https://github.com/kristapsdz/acme-client/pull/21 and ht…
Oct 29, 2016
ae258d6
Merge some churn from OpenBSD downstream.
Oct 29, 2016
464e49e
Merge OpenBSD variable initialisation.
Oct 29, 2016
2303a60
Merge some OpenBSD churn to reduce diff size.
Oct 29, 2016
b5cb33e
Initialise the HTTP (really just the TLS) context so that it's not do…
Oct 29, 2016
b5fa0c9
Merge Openbsd changes for variables and rename "revoke" to revocate.
Oct 29, 2016
05b925b
Merge more OpenBSD variable changes.
Oct 29, 2016
18c00eb
Bring more in line with OpenBSD's changes.
Oct 29, 2016
4e3c816
Compilation on older OpenBSD machines.
Oct 29, 2016
7be0cf8
Some portability glue for tls_config_error, which will go away as I i…
Oct 30, 2016
c00c2ff
First step at fork+exec. This re-executes each of the subprocesses i…
Oct 30, 2016
4f11a7f
Hack around some poor design decisions in early versions of libtls.
Oct 30, 2016
bcda427
Move error reporting into main process only. Document source code more.
Oct 30, 2016
ffee3ba
Make sure opened descriptors don't clobber the ones we've set aside. …
Oct 31, 2016
9a0af22
Bump min reserved descriptor, just in case.
Oct 31, 2016
8d12997
Testing initial support for ECSDA domain keys.
Oct 31, 2016
c76a01c
Fix: forgot to dup certproc for netproc.
Oct 31, 2016
fddb1f7
Add some documentation.
Oct 31, 2016
6ad1964
Document support for ECSDA.
Oct 31, 2016
82dd102
Fix as per https://github.com/kristapsdz/acme-client-portable/issues/…
Oct 31, 2016
3f4da11
Allow expanding the SAN domains of a certificate.
Nov 1, 2016
0163b3e
If we have a new domain, force updating the certificate.
Nov 1, 2016
2fc821f
Use idiom suggested in OpenBSD's style(9).
Nov 2, 2016
f713a8c
Change __dead to be an __attribute__ (better portability).
Nov 2, 2016
864972f
Work around old versions of libtls.
Nov 2, 2016
941858d
Use timegm instead of mktime as we're processing a UTC time. Also, the
Nov 9, 2016
233abc1
Add a fix for
Nov 24, 2016
9e0c35c
Final check-in for fork+exec fallout: have an extra argument, '-X', that
Nov 25, 2016
efbc294
Disallow '-X' in parent process.
Nov 25, 2016
afdffbe
Merge in OpenBSD's fix to the tls_close() function. And in doing so,…
Dec 2, 2016
6c44c54
Force umask for creation of challenge file.
Dec 5, 2016
fffcdf8
Add OCSP stapling support. Not tested yet.
Jan 28, 2017
4cf0d91
Add OCSP support to front-end.
Jan 28, 2017
4538be8
Expand on the external thumbprint idea, from https://github.com/krist…
Jan 28, 2017
71fa0a3
Modified version of manpage update in https://github.com/kristapsdz/a…
Jan 28, 2017
8cd6e10
Move key-generation message prior to action so that long-running task…
Jan 30, 2017
baefe84
Debug message before long-running action.
Jan 30, 2017
e72cef3
Reduce using "Let's Encrypt" unless where applicable. (Future versio…
Feb 1, 2017
44b9585
Deprecate working with pre-5.9 OpenBSD. We should be using the most …
Feb 12, 2017
d1ba902
Be more clear.
Feb 14, 2017
ab6155c
Fix a harmless error-exit found by Dimitris Papastamos---thanks!
Mar 12, 2017
f54440b
Clarify that older OpenBSD isn't supported. You shouldn't be running…
Mar 12, 2017
d496a6f
Fix https://github.com/kristapsdz/acme-client/pull/31 --- thanks!
Mar 12, 2017
d609cb3
Move example configuration into the EXAMPLE section and include both …
Jul 1, 2017
b579218
Add OpenBSD httpd(8) configuration.
Jul 2, 2017
52b8b8d
Start moving operations (and configuration) into struct config.
Jul 2, 2017
fb2d049
Move "force" into configuration.
Jul 2, 2017
1d20e1b
Move "expand" and "backup" into configuration object.
Jul 2, 2017
f9088e2
Move last "low-hanging fruit" config ops to configuration.
Jul 2, 2017
542f743
Bump copyright.
Jul 2, 2017
eec809c
Move the choice of CA directory service into main.c and a config field.
Jul 2, 2017
09e5702
Move agreement URL into configuration as well.
Jul 2, 2017
aa252cc
Move the challenge type into struct config.
Jul 2, 2017
97200fb
Fix null pointer dereference
Sebbyastian Sep 8, 2018
af0feb0
Update netproc.c
Sebbyastian Sep 8, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions LICENSE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
Copyright (c) 2016, Kristaps Dzonsons <kristaps@bsd.lv>

Permission to use, copy, modify, and/or distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright notice
and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
THIS SOFTWARE.

44 changes: 33 additions & 11 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,40 @@
CFLAGS += -g -W -Wall -Wno-deprecated-declarations `curl-config --cflags`
PREFIX = /usr/local
CFLAGS += -g -W -Wall
OBJS = acctproc.o \
base64.o \
certproc.o \
chngproc.o \
dbg.o \
dnsproc.o \
fileproc.o \
http.o \
jsmn.o \
json.o \
keyproc.o \
main.o \
netproc.o \
revokeproc.o \
rsa.o \
sandbox-pledge.o \
util.o \
util-pledge.o

OBJS = netproc.o main.o keyproc.o acctproc.o dbg.o base64.o util.o chngproc.o json.o certproc.o
acme-client: $(OBJS)
$(CC) -o $@ $(OBJS) -ltls -lssl -lcrypto

letskencrypt: $(OBJS)
$(CC) -o $@ $(OBJS) -lssl -lcrypto `curl-config --libs` -ljson-c
rsa.o acctproc.o keyproc.o: rsa.h

install: letskencrypt
mkdir -p $(PREFIX)/bin
mkdir -p $(PREFIX)/man/man1
install -m 0755 letskencrypt $(PREFIX)/bin
install -m 0644 letskencrypt.1 $(PREFIX)/man/man1
jsmn.o json.o: jsmn.h

http.o netproc.o: http.h

install: acme-client
mkdir -p $(DESTDIR)$(PREFIX)/bin
mkdir -p $(DESTDIR)$(PREFIX)/man/man1
install -m 0755 acme-client $(DESTDIR)$(PREFIX)/bin
install -m 0644 acme-client.1 $(DESTDIR)$(PREFIX)/man/man1

$(OBJS): extern.h

clean:
rm -f letskencrypt $(OBJS)
rm -rf letskencrypt.dSYM
rm -f acme-client $(OBJS)
35 changes: 35 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
## Synopsis

*acme-client* is yet another
[ACME](https://letsencrypt.github.io/acme-spec/) client, specifically
for [Let's Encrypt](https://letsencrypt.org), but one with a strong
focus on security.

It was originally named *letskencrypt* until version 0.1.11.

Please see
[kristaps.bsd.lv/acme-client](https://kristaps.bsd.lv/acme-client) for
stable releases: this repository is for current development of the
[OpenBSD](http://www.openbsd.org) version, requiring OpenBSD 5.9 or
greater. For the portable version (Mac OS X, Linux, FreeBSD, NetBSD) see
[acme-client-portable](https://github.com/kristapsdz/acme-client-portable).

**Note**: this is *not* the same as the OpenBSD version of *acme-client*.

This repository mirrors the master CVS repository: any source changes
will occur in the master and be pushed periodically to GitHub. If you
have bug reports or patches, either file them here or e-mail them to me.

**Feature requests will be ignored unless joined by a patch.** If
there's something you need, I'm happy to work with you to make it
happen. If you really need it, I'm available for contract (contact me
by e-mail).

## License

Sources use the ISC (like OpenBSD) license.
See the [LICENSE.md](LICENSE.md) file for details.

The [jsmn.c](jsmn.c) and [jsmn.h](jsmn.h) files use the MIT license.
See [https://github.com/zserge/jsmn](https://github.com/zserge/jsmn) for
details.
Loading