When acme-client is run with -v, show the account URI from the Location

header sent by the server in response to the newAccount API call (used for
every cert request). This is useful if you want to set a CAA DNS record
restricting issuance to a specific user account, rather than just "all of
$whichever_acme_CA".  ok florian

usr.sbin/acme-client/netproc.c

@@ -1,4 +1,4 @@
-/*	$Id: netproc.c,v 1.35 2024/04/28 10:09:25 tb Exp $ */
+/*	$Id: netproc.c,v 1.36 2024/10/07 23:47:00 sthen Exp $ */
 /*
  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -359,7 +359,7 @@ donewacc(struct conn *c, const struct capaths *p, const char *contact)
 {
 	struct jsmnn	*j = NULL;
 	int		 rc = 0;
-	char		*req, *detail, *error = NULL;
+	char		*req, *detail, *error = NULL, *accturi = NULL;
 	long		 lc;
 
 	if ((req = json_fmt_newacc(contact)) == NULL)
@@ -384,6 +384,12 @@ donewacc(struct conn *c, const struct capaths *p, const char *contact)
 	else
 		rc = 1;
 
+	if (c->kid != NULL) {
+		if (stravis(&accturi, c->kid, VIS_SAFE) != -1)
+			dodbg("account key: %s", accturi);
+		free(accturi);
+	}
+
 	if (rc == 0 || verbose > 1)
 		buf_dump(&c->buf);
 	free(req);
@@ -399,7 +405,7 @@ static int
 dochkacc(struct conn *c, const struct capaths *p, const char *contact)
 {
 	int		 rc = 0;
-	char		*req;
+	char		*req, *accturi = NULL;
 	long		 lc;
 
 	if ((req = json_fmt_chkacc()) == NULL)
@@ -417,6 +423,11 @@ dochkacc(struct conn *c, const struct capaths *p, const char *contact)
 
 	if (c->kid == NULL)
 		rc = 0;
+	else {
+		if (stravis(&accturi, c->kid, VIS_SAFE) != -1)
+			dodbg("account key: %s", accturi);
+		free(accturi);
+	}
 
 	if (rc == 0 || verbose > 1)
 		buf_dump(&c->buf);