Re: [patch] use acme-client to sign certificated with ecdsa keys

On Fri, Jun 14, 2019 at 03:54:38PM +0200, Florian Obser wrote: > On Fri, Jun 14, 2019 at 02:04:00PM +0200, Renaud Allard wrote: > > > > > > On 6/14/19 1:58 PM, Florian Obser wrote: > > > On Fri, Jun 14, 2019 at 09:50:35AM +0200, Renaud Allard wrote: > > > > > > > > > > > > On 6/12/19 2:30 PM,

Re: [patch] use acme-client to sign certificated with ecdsa keys

On Fri, Jun 14, 2019 at 01:58:58PM +0200, Florian Obser wrote: > On Fri, Jun 14, 2019 at 09:50:35AM +0200, Renaud Allard wrote: > > > > > > On 6/12/19 2:30 PM, Renaud Allard wrote: > > > > > > > > > On 6/11/19 2:36 PM, Sebastian Benoit wrote: > > > > Hi, > > > > > > > > some feedback below. >

Re: [patch] use acme-client to sign certificated with ecdsa keys

ok Florian Obser(flor...@openbsd.org) on 2019.06.14 13:58:58 +0200: > On Fri, Jun 14, 2019 at 09:50:35AM +0200, Renaud Allard wrote: > > > > > > On 6/12/19 2:30 PM, Renaud Allard wrote: > > > > > > > > > On 6/11/19 2:36 PM, Sebastian Benoit wrote: > > > > Hi, > > > > > > > > some feedback

Re: [patch] use acme-client to sign certificated with ecdsa keys

On Fri, Jun 14, 2019 at 02:04:00PM +0200, Renaud Allard wrote: > > > On 6/14/19 1:58 PM, Florian Obser wrote: > > On Fri, Jun 14, 2019 at 09:50:35AM +0200, Renaud Allard wrote: > > > > > > > > > On 6/12/19 2:30 PM, Renaud Allard wrote: > > > > > > > > > > > > On 6/11/19 2:36 PM, Sebastian

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/14/19 1:58 PM, Florian Obser wrote: On Fri, Jun 14, 2019 at 09:50:35AM +0200, Renaud Allard wrote: On 6/12/19 2:30 PM, Renaud Allard wrote: On 6/11/19 2:36 PM, Sebastian Benoit wrote: Hi, some feedback below. Renaud: maybe wait for feedback from florian or gilles until acting on

Re: [patch] use acme-client to sign certificated with ecdsa keys

On Fri, Jun 14, 2019 at 09:50:35AM +0200, Renaud Allard wrote: > > > On 6/12/19 2:30 PM, Renaud Allard wrote: > > > > > > On 6/11/19 2:36 PM, Sebastian Benoit wrote: > > > Hi, > > > > > > some feedback below. > > > > > > Renaud: maybe wait for feedback from florian or gilles until > > >

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/12/19 2:30 PM, Renaud Allard wrote: On 6/11/19 2:36 PM, Sebastian Benoit wrote: Hi, some feedback below. Renaud: maybe wait for feedback from florian or gilles until acting on my comments, sometimes sending diffs to fast creates more work ;) /Benno As suggested by benno@

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/11/19 2:36 PM, Sebastian Benoit wrote: Hi, some feedback below. Renaud: maybe wait for feedback from florian or gilles until acting on my comments, sometimes sending diffs to fast creates more work ;) /Benno As suggested by benno@ removal of the global variable removal of KEYTYPE

Re: [patch] use acme-client to sign certificated with ecdsa keys

On Wed, Jun 12, 2019 at 08:12:04AM +0200, Florian Obser wrote: > > I had a look yesterday and it looks mostly OK. > Something came up and I won't be around the next days. > > Someone can put it and and we can tweak it in tree or we wait a few > days. > okie dokie, will commit tonight when I

Re: [patch] use acme-client to sign certificated with ecdsa keys

I had a look yesterday and it looks mostly OK. Something came up and I won't be around the next days. Someone can put it and and we can tweak it in tree or we wait a few days. On Tue, Jun 11, 2019 at 01:37:24PM +0200, Renaud Allard wrote: > > > On 6/11/19 10:17 AM, Renaud Allard wrote: > >

Re: [patch] use acme-client to sign certificated with ecdsa keys

On Tue, Jun 11, 2019 at 01:37:24PM +0200, Renaud Allard wrote: > > > On 6/11/19 10:17 AM, Renaud Allard wrote: > > > > Hello, > > > > Here is a patch with ecdsa and rsa in %token after the domain key name > > > > OK? comments? > > I just made a small modification in the formatting of

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/11/19 10:17 AM, Renaud Allard wrote: Hello, Here is a patch with ecdsa and rsa in %token after the domain key name OK? comments? I just made a small modification in the formatting of acme.conf man page, putting keytype as an arg. And also a cleaner key.h OK? Index: Makefile

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/7/19 2:38 PM, Renaud Allard wrote: On 6/7/19 2:28 PM, Florian Obser wrote: On Fri, Jun 07, 2019 at 10:40:36AM +0200, Renaud Allard wrote: On 6/6/19 10:46 AM, Renaud Allard wrote: On 6/6/19 10:10 AM, Florian Obser wrote: I currently don't have time to review this. I'm busy

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/7/19 2:28 PM, Florian Obser wrote: On Fri, Jun 07, 2019 at 10:40:36AM +0200, Renaud Allard wrote: On 6/6/19 10:46 AM, Renaud Allard wrote: On 6/6/19 10:10 AM, Florian Obser wrote: I currently don't have time to review this. I'm busy switching acme-client to the rfc 8555 /

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/7/19 2:28 PM, Florian Obser wrote: On Fri, Jun 07, 2019 at 10:40:36AM +0200, Renaud Allard wrote: On 6/6/19 10:46 AM, Renaud Allard wrote: On 6/6/19 10:10 AM, Florian Obser wrote: I currently don't have time to review this. I'm busy switching acme-client to the rfc 8555 /

Re: [patch] use acme-client to sign certificated with ecdsa keys

On Fri, Jun 07, 2019 at 10:40:36AM +0200, Renaud Allard wrote: > > > On 6/6/19 10:46 AM, Renaud Allard wrote: > > > > > > On 6/6/19 10:10 AM, Florian Obser wrote: > > > > > I currently don't have time to review this. I'm busy switching > > > acme-client to the rfc 8555 / letsencrypt v2 api.

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/7/19 10:40 AM, Renaud Allard wrote: On 6/6/19 10:46 AM, Renaud Allard wrote: On 6/6/19 10:10 AM, Florian Obser wrote: I currently don't have time to review this. I'm busy switching acme-client to the rfc 8555 / letsencrypt v2 api. Doesn't look like this conflicts too badly with my

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/6/19 10:46 AM, Renaud Allard wrote: On 6/6/19 10:10 AM, Florian Obser wrote: I currently don't have time to review this. I'm busy switching acme-client to the rfc 8555 / letsencrypt v2 api. Doesn't look like this conflicts too badly with my work, but I'd appreciate it if we could hold

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/6/19 10:10 AM, Florian Obser wrote: On Wed, Jun 05, 2019 at 05:37:51PM +0200, Gilles Chehade wrote: On Wed, Jun 05, 2019 at 08:39:51AM +0200, Renaud Allard wrote: On 6/5/19 8:20 AM, Gilles Chehade wrote: On Tue, Jun 04, 2019 at 03:54:11PM +0200, Renaud Allard wrote: On 6/3/19

Re: [patch] use acme-client to sign certificated with ecdsa keys

On Wed, Jun 05, 2019 at 05:37:51PM +0200, Gilles Chehade wrote: > On Wed, Jun 05, 2019 at 08:39:51AM +0200, Renaud Allard wrote: > > > > > > On 6/5/19 8:20 AM, Gilles Chehade wrote: > > > On Tue, Jun 04, 2019 at 03:54:11PM +0200, Renaud Allard wrote: > > > > > > > > > > > > On 6/3/19 11:53 AM,

Re: [patch] use acme-client to sign certificated with ecdsa keys

On Wed, Jun 05, 2019 at 08:39:51AM +0200, Renaud Allard wrote: > > > On 6/5/19 8:20 AM, Gilles Chehade wrote: > > On Tue, Jun 04, 2019 at 03:54:11PM +0200, Renaud Allard wrote: > > > > > > > > > On 6/3/19 11:53 AM, Renaud Allard wrote: > > > > > > > > > > > > On 5/29/19 9:58 AM, Florian Obser

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/5/19 8:39 AM, Renaud Allard wrote: On 6/5/19 8:20 AM, Gilles Chehade wrote: On Tue, Jun 04, 2019 at 03:54:11PM +0200, Renaud Allard wrote: On 6/3/19 11:53 AM, Renaud Allard wrote: On 5/29/19 9:58 AM, Florian Obser wrote: why not let acme-client generate the key? Here is a

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/5/19 8:20 AM, Gilles Chehade wrote: On Tue, Jun 04, 2019 at 03:54:11PM +0200, Renaud Allard wrote: On 6/3/19 11:53 AM, Renaud Allard wrote: On 5/29/19 9:58 AM, Florian Obser wrote: why not let acme-client generate the key? Here is a more complete diff where you can use the -E

Re: [patch] use acme-client to sign certificated with ecdsa keys

On Tue, Jun 04, 2019 at 03:54:11PM +0200, Renaud Allard wrote: > > > On 6/3/19 11:53 AM, Renaud Allard wrote: > > > > > > > > On 5/29/19 9:58 AM, Florian Obser wrote: > > > > > On Wed, May 22, 2019 at 01:33:11PM +0200, Renaud Allard wrote: > > > > > > The key needs to be generated manually > >

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/3/19 11:53 AM, Renaud Allard wrote: On 5/29/19 9:58 AM, Florian Obser wrote: On Wed, May 22, 2019 at 01:33:11PM +0200, Renaud Allard wrote: The key needs to be generated manually i.e.: openssl ecparam -genkey -name secp384r1 -out privkey.pem why not let acme-client generate the key?

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 6/3/19 11:18 AM, Renaud Allard wrote: On 5/29/19 10:19 AM, Renaud Allard wrote: On 5/29/19 9:58 AM, Florian Obser wrote: On Wed, May 22, 2019 at 01:33:11PM +0200, Renaud Allard wrote: The key needs to be generated manually i.e.: openssl ecparam -genkey -name secp384r1 -out

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 5/29/19 10:19 AM, Renaud Allard wrote: On 5/29/19 9:58 AM, Florian Obser wrote: On Wed, May 22, 2019 at 01:33:11PM +0200, Renaud Allard wrote: The key needs to be generated manually i.e.: openssl ecparam -genkey -name secp384r1 -out privkey.pem why not let acme-client generate the

Re: [patch] use acme-client to sign certificated with ecdsa keys

On 5/29/19 9:58 AM, Florian Obser wrote: On Wed, May 22, 2019 at 01:33:11PM +0200, Renaud Allard wrote: Hello, First, sorry for double posting to misc@. This is a short patch to let acme-client accept ECDSA keys now that letsencrypt accepts signing certificates with those keys. This

Re: [patch] use acme-client to sign certificated with ecdsa keys

On Wed, May 22, 2019 at 01:33:11PM +0200, Renaud Allard wrote: > Hello, > > First, sorry for double posting to misc@. > > This is a short patch to let acme-client accept ECDSA keys now that > letsencrypt accepts signing certificates with those keys. This functionality > is present in certbot, so