This allows disabling authentication after a higher level specifies an
AccessRequirements value, eliminating the last reason to keep access.ars
around.

when they're 30 days old.

ssl.cert and generate a new key.

The defl-signed certificates are 1536 bits, so cannot be reused for Let's
Encrypt.

Modify ctrl/letsyncrypt.ini and in the Domains section, add the web root
for each domain in the format:
example.com=/sbbs/web/root

If the list of domains changes, a new certificate will be generated next
time letsyncrypt runs.

You DO NOT need to specify the domains if you only need to support the single
host system.inet_addr.

Also, allow signing unrecognized attributes.

These changes allow getting a Let's Encrypt certificate covering multiple
domain names.

when the extension is natively supported by Cryptlib.  This is to work
around the apparent impossiblity of adding multiple DNSName entries to the
Subject Alt Name field.

Sorry DigitalMan, you'll have to compile the Win32 libraries again.  :-)

large multi-line strings though.

attribute_get/set[_string|_time]? interface.  This is way easier than a
bunch of tiny getter/setter functions, and most of these certificate
extensions aren't actually going to be used anyway.

Also, surface the attribte cursor constants for more advanced certificate
parsing/creation.

time.

time.

the default/all target.
So a single "make" command in src/sbbs3 should build these nested targets
as well.
Caveat: "make clean" does not clean these sub-make targets.

run this as a daily event.

uedit.c:1475:5: warning: this 'if' clause does not guard...
     if(uifc.changes)

but it's parsed as a number.  Use the JS Date type for the values.

This script will request and install a certificate, then recycle your web
server.  This is barely sufficient, but a lot more needs to be done...
1) Tracking certificate expiration, and only placing a new order when
   appropriate.
2) Handling failure better.
3) Handle changes in the system password (like anyone ever does THAT).
4) Clean up stale authorizations.

Also, some enhanced features would be nice:
1) Adding a bunch of SANs, so virtual hosts Just Work
2) Key aging and updating
3) More control of certificate contents... I can't find a list of what
   Let's Encrypt supports in CSRs.

Parsing the response code and headers is an HTTP thing, not an ACME thing.

we are always freeing the pointer that was asigned the text.dat list and things
will crash (thanks for the report, Rastus).

done this now.  Whee!
LetSyncrypt 0.1-beta coming soon!

Also add add_public_key() and get_public_key() methods to CryptKeyset.
Not tested yet, but this should be everything we need to finish up
LetSyncrypt.

track it yourself though.