From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <s.ivanov@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 0139E7DE79
 for <pbs-devel@lists.proxmox.com>; Tue,  9 Nov 2021 17:59:03 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id F1FA811522
 for <pbs-devel@lists.proxmox.com>; Tue,  9 Nov 2021 17:59:02 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 267CF114D4
 for <pbs-devel@lists.proxmox.com>; Tue,  9 Nov 2021 17:59:01 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 76C2346922
 for <pbs-devel@lists.proxmox.com>; Tue,  9 Nov 2021 17:54:33 +0100 (CET)
From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Tue,  9 Nov 2021 16:54:14 +0000
Message-Id: <20211109165422.311089-1-s.ivanov@proxmox.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.342 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [node.rs, certificates.rs, client.rs, acme.rs, lib.rs,
 proxmox.com, plugin.rs]
Subject: [pbs-devel] [PATCH proxmox-backup/proxmox-acme-rs/pwt] acme: add
 support for http_proxy and wildcard certs
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 16:59:03 -0000

this series resulted from a fix for #3536 (for PVE), which I then extended to
cover all products (and their respective acme implementations)

additionally Fabian (Gruenbichler) and I discussed a thread in our
community-forum [0], where a user ran into a (unrelated and for us not reproducible issue),
but it made me notice that PBS does not support wildcard certificates.

the individual patches are mostly short and hopefully self-explaining

Tested on my setup with a publicly exposed powerdns-plugin and let's encrypt
(mostly staging)

[0] https://forum.proxmox.com/threads/no-connection-to-proxmox-backup-server-tls_process_server_certificate.97942/

proxmox-widget-toolkit:
Stoiko Ivanov (1):
  acmeplugin: add use-proxy checkbox

 src/window/ACMEPluginEdit.js | 8 ++++++++
 1 file changed, 8 insertions(+)

proxmox-acme-rs:
Stoiko Ivanov (1):
  client: add support for proxies

 src/client.rs | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

proxox-backup:
Stoiko Ivanov (6):
  api: config: acme: rustfmt
  config: acme: plugin: rustfmt
  api: acme: fix typo
  acme: client: read http_proxy from node config
  acme: plugin: add 'use-proxy' property
  acme: add support for wildcard certificates

 pbs-api-types/src/lib.rs      |  5 ++++
 src/acme/client.rs            |  8 +++++-
 src/acme/plugin.rs            | 23 +++++++++++++++++-
 src/api2/config/acme.rs       | 46 ++++++++++++++++++++++++++---------
 src/api2/node/certificates.rs |  2 +-
 src/api2/types/acme.rs        |  4 +--
 src/config/acme/plugin.rs     | 10 +++++++-
 src/config/node.rs            |  9 +++++++
 8 files changed, 90 insertions(+), 17 deletions(-)

--
2.30.2