MINOR: acme: handle the nonce
ACME requests are supposed to be sent with a Nonce; the first Nonce should be retrieved using the newNonce URI provided by the directory. This nonce is stored and must be replaced by the new one received in each response.
parent
471290458e
commit
0aa6dedf72
@ -31,6 +31,7 @@ struct acme_cfg {
|
|||||||
|
|
||||||
enum acme_st {
|
enum acme_st {
|
||||||
ACME_RESSOURCES = 0,
|
ACME_RESSOURCES = 0,
|
||||||
|
ACME_NEWNONCE,
|
||||||
ACME_END
|
ACME_END
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -52,5 +53,6 @@ struct acme_ctx {
|
|||||||
struct ist newAccount;
|
struct ist newAccount;
|
||||||
struct ist newOrder;
|
struct ist newOrder;
|
||||||
} ressources;
|
} ressources;
|
||||||
|
struct ist nonce;
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
|
54
src/acme.c
54
src/acme.c
@ -529,6 +529,43 @@ error:
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int acme_nonce(struct task *task, struct acme_ctx *ctx, char **errmsg)
|
||||||
|
{
|
||||||
|
struct httpclient *hc;
|
||||||
|
struct http_hdr *hdrs, *hdr;
|
||||||
|
|
||||||
|
hc = ctx->hc;
|
||||||
|
if (!hc)
|
||||||
|
goto error;
|
||||||
|
|
||||||
|
if (hc->res.status < 200 || hc->res.status >= 300) {
|
||||||
|
memprintf(errmsg, "invalid HTTP status code %d when getting Nonce URL", hc->res.status);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
hdrs = hc->res.hdrs;
|
||||||
|
|
||||||
|
for (hdr = hdrs; isttest(hdr->v); hdr++) {
|
||||||
|
if (isteqi(hdr->n, ist("Replay-Nonce"))) {
|
||||||
|
istfree(&ctx->nonce);
|
||||||
|
ctx->nonce = istdup(hdr->v);
|
||||||
|
// fprintf(stderr, "Replay-Nonce: %.*s\n", (int)hdr->v.len, hdr->v.ptr);
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
httpclient_destroy(hc);
|
||||||
|
ctx->hc = NULL;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
error:
|
||||||
|
httpclient_destroy(hc);
|
||||||
|
ctx->hc = NULL;
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
int acme_directory(struct task *task, struct acme_ctx *ctx, char **errmsg)
|
int acme_directory(struct task *task, struct acme_ctx *ctx, char **errmsg)
|
||||||
{
|
{
|
||||||
struct httpclient *hc;
|
struct httpclient *hc;
|
||||||
@ -617,10 +654,25 @@ struct task *acme_process(struct task *task, void *context, unsigned int state)
|
|||||||
http_st = ACME_HTTP_REQ;
|
http_st = ACME_HTTP_REQ;
|
||||||
goto retry;
|
goto retry;
|
||||||
}
|
}
|
||||||
st = ACME_END;
|
st = ACME_NEWNONCE;
|
||||||
|
http_st = ACME_HTTP_REQ;
|
||||||
|
task_wakeup(task, TASK_WOKEN_MSG);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
case ACME_NEWNONCE:
|
||||||
|
if (http_st == ACME_HTTP_REQ) {
|
||||||
|
if (acme_http_req(task, ctx, ctx->ressources.newNonce, HTTP_METH_HEAD) != 0)
|
||||||
|
goto retry;
|
||||||
|
}
|
||||||
|
if (http_st == ACME_HTTP_RES) {
|
||||||
|
if (acme_nonce(task, ctx, &errmsg) != 0) {
|
||||||
|
http_st = ACME_HTTP_REQ;
|
||||||
|
goto retry;
|
||||||
|
}
|
||||||
|
st = ACME_END;
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
case ACME_END:
|
case ACME_END:
|
||||||
goto end;
|
goto end;
|
||||||
break;
|
break;
|
||||||
|
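Review bot: acme_nonce() returns 0 even when the response carries no Replay-Nonce header, so acme_process moves on to ACME_END with ctx->nonce empty or stale, and the result of istdup() is never checked. The value is also stored exactly as the server sent it, while RFC 8555 section 6.5.1 requires clients to ignore Replay-Nonce values that are not valid base64url; this matters if the nonce is later copied into the JWS protected header, which this page does not show. I would track whether a header was accepted and fail otherwise, as sketched below, and drop the commented-out fprintf. Separately, the `if (!hc) goto error;` path reaches `httpclient_destroy(hc)` with NULL and leaves errmsg unset; worth confirming that call tolerates NULL.

```c
	int found = 0;

	/* … unchanged: hc NULL check and HTTP status check … */

	for (hdr = hdrs; isttest(hdr->v); hdr++) {
		if (!isteqi(hdr->n, ist("Replay-Nonce")))
			continue;

		/* TODO: skip values that are not base64url (RFC 8555 6.5.1) */
		istfree(&ctx->nonce);
		ctx->nonce = istdup(hdr->v);
		if (!isttest(ctx->nonce)) {
			memprintf(errmsg, "out of memory when copying the Replay-Nonce");
			goto error;
		}
		found = 1;
	}

	if (!found) {
		memprintf(errmsg, "no Replay-Nonce header in the newNonce response");
		goto error;
	}

	/* … unchanged: httpclient_destroy(hc), ctx->hc = NULL, return 0 … */
```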