MINOR: acme: handle the nonce

ACME requests are supposed to be sent with a Nonce, the first Nonce
should be retrieved using the newNonce URI provided by the directory.

This nonce is stored and must be replaced by the new one received in
each response.
William Lallemand 2025-04-09 17:45:39 +02:00
parent 471290458e
commit 0aa6dedf72
2 changed files with 55 additions and 1 deletions


@ -31,6 +31,7 @@ struct acme_cfg {
enum acme_st {
ACME_RESSOURCES = 0,
ACME_NEWNONCE,
ACME_END
};
@ -52,5 +53,6 @@ struct acme_ctx {
struct ist newAccount;
struct ist newOrder;
} ressources;
struct ist nonce;
};
#endif
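Review bot: The new `nonce` member of `struct acme_ctx` has no comment saying who owns its storage, although the other file in this commit fills it with `istdup()`, so it is heap-allocated and has to be released with the context. I would document it as `struct ist nonce; /* last Replay-Nonce received, allocated with istdup(), release with istfree() */`. Whether the context teardown frees it is not visible in this commit, so that is worth checking.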


@ -529,6 +529,43 @@ error:
}
int acme_nonce(struct task *task, struct acme_ctx *ctx, char **errmsg)
{
struct httpclient *hc;
struct http_hdr *hdrs, *hdr;
hc = ctx->hc;
if (!hc)
goto error;
if (hc->res.status < 200 || hc->res.status >= 300) {
memprintf(errmsg, "invalid HTTP status code %d when getting Nonce URL", hc->res.status);
goto error;
}
hdrs = hc->res.hdrs;
for (hdr = hdrs; isttest(hdr->v); hdr++) {
if (isteqi(hdr->n, ist("Replay-Nonce"))) {
istfree(&ctx->nonce);
ctx->nonce = istdup(hdr->v);
// fprintf(stderr, "Replay-Nonce: %.*s\n", (int)hdr->v.len, hdr->v.ptr);
}
}
httpclient_destroy(hc);
ctx->hc = NULL;
return 0;
error:
httpclient_destroy(hc);
ctx->hc = NULL;
return 1;
}
int acme_directory(struct task *task, struct acme_ctx *ctx, char **errmsg)
{
struct httpclient *hc;
@ -617,10 +654,25 @@ struct task *acme_process(struct task *task, void *context, unsigned int state)
http_st = ACME_HTTP_REQ;
goto retry;
}
st = ACME_END;
st = ACME_NEWNONCE;
http_st = ACME_HTTP_REQ;
task_wakeup(task, TASK_WOKEN_MSG);
}
break;
case ACME_NEWNONCE:
if (http_st == ACME_HTTP_REQ) {
if (acme_http_req(task, ctx, ctx->ressources.newNonce, HTTP_METH_HEAD) != 0)
goto retry;
}
if (http_st == ACME_HTTP_RES) {
if (acme_nonce(task, ctx, &errmsg) != 0) {
http_st = ACME_HTTP_REQ;
goto retry;
}
st = ACME_END;
}
break;
case ACME_END:
goto end;
break;
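Review bot: acme_nonce() returns 0 even when the response has no `Replay-Nonce` header or when `istdup()` fails, so the `ACME_NEWNONCE` case moves on to `ACME_END` with an empty nonce or, on a later refresh, with the previous one still stored. The nonce is the server's replay protection, so the next signed request would presumably be rejected, with the real cause hidden behind a step that reported success. Clearing the stored nonce before the header loop and failing when none was set afterwards makes this explicit; this assumes `istfree()` resets the ist so that `isttest()` is false after it. The error path is also reached with `hc == NULL`, so `httpclient_destroy()` has to accept NULL (not visible here), and the commented-out `fprintf` debug line is best dropped.

```c
	hdrs = hc->res.hdrs;
	/* drop the previous nonce first so a stale value cannot outlive this response */
	istfree(&ctx->nonce);
	/* … unchanged: Replay-Nonce header loop … */
	if (!isttest(ctx->nonce)) {
		memprintf(errmsg, "no Replay-Nonce header in the newNonce response");
		goto error;
	}
```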