Re: acme-client: check token names

2022-05-05 Thread Bob Beck
An ok beck@ from me with my usual curmudgeonly mutterings about the people who made this necessary for isalnum(), walls, and revolutions... > On May 5, 2022, at 7:57 AM, Florian Obser wrote: > > On 2022-05-04 13:21 +0430, Ali Farzanrad wrote: >> OK, I've tested following diff on my own

Re: acme-client: check token names

2022-05-05 Thread Florian Obser
On 2022-05-04 13:21 +0430, Ali Farzanrad wrote: > OK, I've tested following diff on my own domain and it works. > I did 2 modifications: > > 1. I explicitly call setlocale with "C" to ensure C locale, I came to the conclusion that it's best to call setlocale as the first thing in main, that's what

Re: acme-client: check token names

2022-05-04 Thread Ali Farzanrad
Florian Obser wrote: > On 2022-05-03 17:41 +0430, Ali Farzanrad wrote: > > > > Hi Florian, > > > > Yes, I read the RFC, it should work, but I couldn't test it yet, because > > my domain manager is a little lazy (I've registered 2 subdomains for my > > domain, but it is not listed in name servers

Re: acme-client: check token names

2022-05-03 Thread Florian Obser
On 2022-05-03 17:41 +0430, Ali Farzanrad wrote: > > Hi Florian, > > Yes, I read the RFC, it should work, but I couldn't test it yet, because > my domain manager is a little lazy (I've registered 2 subdomains for my > domain, but it is not listed in name servers yet). I'll probably test > it

Re: acme-client: check token names

2022-05-03 Thread Ali Farzanrad
Florian Obser wrote: > On 2022-05-02 03:04 +0430, Ali Farzanrad wrote: > > Hi tech@, > > > > I know that acme-client is unveiled properly, but isn't it better to > > check token names? > > Nice catch, the token is untrusted input. > We should validate this differently though. > > RFC 8555, 8.5

Re: acme-client: check token names

2022-05-03 Thread Florian Obser
On 2022-05-02 03:04 +0430, Ali Farzanrad wrote: > Hi tech@, > > I know that acme-client is unveiled properly, but isn't it better to > check token names? Nice catch, the token is untrusted input. We should validate this differently though. RFC 8555, 8.5 HTTP Challenge: token (required,
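The thread's point is that the challenge token comes from the ACME server and ends up as a file name under the challenge directory, so it must be validated before it touches the filesystem. The following is an added example of such a check, written for this page; it is not acme-client's code and not the diff under discussion. It matches the token against the base64url alphabet that RFC 8555 section 8.5 mandates (no '=' padding allowed), using an explicit character set rather than isalnum() so the result cannot depend on the process locale, which is the concern behind the setlocale("C") and isalnum() remarks in the thread. The 22-character minimum is my own derivation from the RFC's 128-bit entropy requirement (22 base64url characters carry 132 bits), and the tokens in main() are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not acme-client's code.
 *
 * RFC 8555, 8.5: the token "MUST NOT contain any characters outside the
 * base64url alphabet and MUST NOT include base64 padding characters".
 * Spelling the alphabet out avoids the locale dependence of isalnum().
 */
static const char acme_b64url_alphabet[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789-_";

/*
 * Assumption: 128 bits of entropy cannot fit in fewer than 22 base64url
 * characters, so anything shorter is rejected as well.
 */
#define ACME_TOKEN_MINLEN 22

/*
 * Returns 1 if tok is syntactically a valid RFC 8555 token, 0 otherwise.
 * Because '/', '.' and '\\' are outside the alphabet, a token that passes
 * cannot name a directory component or escape the challenge directory.
 */
int
acme_token_ok(const char *tok)
{
	size_t len;

	if (tok == NULL)
		return 0;
	len = strlen(tok);
	if (len < ACME_TOKEN_MINLEN)
		return 0;
	/* strspn stops at the first byte outside the alphabet. */
	if (strspn(tok, acme_b64url_alphabet) != len)
		return 0;
	return 1;
}

int
main(void)
{
	/* Constructed sample tokens, not real challenge data. */
	const char *good = "QUJDREVGR0hJSktMTU5PUFFSU1RVVldY-_";
	const char *padded = "QUJDREVGR0hJSktMTU5PUFFSU1RVVldY=";
	const char *traversal = "../../../../../../../etc/passwd";

	printf("%s -> %d\n", good, acme_token_ok(good));
	printf("%s -> %d\n", padded, acme_token_ok(padded));
	printf("%s -> %d\n", traversal, acme_token_ok(traversal));
	return 0;
}
```

The check is deliberately stricter than "no slash": rejecting the whole non-base64url space means a server that misbehaves, or an attacker who can tamper with the HTTP response, gets a clean validation error instead of a file created at a name of their choosing.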

acme-client: check token names

2022-05-01 Thread Ali Farzanrad
Hi tech@, I know that acme-client is unveiled properly, but isn't it better to check token names? === RCS file: /cvs/src/usr.sbin/acme-client/chngproc.c,v retrieving revision 1.16 diff -u -p -r1.16 chngproc.c --- chngproc.c 12 Jul