1berry/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MINOR: acme: implement retrieval of the certificate

Browse Source 
Once the Order status is "valid", the certificate URL is accessible,
this patch implements the retrieval of the certificate which is stocked
in ctx->store.
This commit is contained in:
William Lallemand 2025-04-11 22:19:24 +02:00
parent 27fff179fe
commit 5500bda9eb
2 changed files with 72 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/haproxy/acme-t.h
View File

@ -40,6 +40,7 @@ enum acme_st {
ACME_CHKCHALLENGE, ACME_CHKCHALLENGE,
ACME_FINALIZE, ACME_FINALIZE,
ACME_CHKORDER, ACME_CHKORDER,
ACME_CERTIFICATE,
ACME_END ACME_END
}; };

73
src/acme.c
View File

@ -578,7 +578,7 @@ error:
return ret; return ret;
} }
int acme_res_chkorder(struct task *task, struct acme_ctx *ctx, char **errmsg) int acme_res_certificate(struct task *task, struct acme_ctx *ctx, char **errmsg)
{ {
struct httpclient *hc; struct httpclient *hc;
struct http_hdr *hdrs, *hdr; struct http_hdr *hdrs, *hdr;
@ -603,6 +603,59 @@ int acme_res_chkorder(struct task *task, struct acme_ctx *ctx, char **errmsg)
} }
} }
if (hc->res.status < 200 || hc->res.status >= 300) {
if ((ret = mjson_get_string(hc->res.buf.area, hc->res.buf.data, "$.detail", t1->area, t1->size)) > -1)
t1->data = ret;
if ((ret = mjson_get_string(hc->res.buf.area, hc->res.buf.data, "$.type", t2->area, t2->size)) > -1)
t2->data = ret;
if (t2->data && t1->data)
memprintf(errmsg, "invalid HTTP status code %d when getting challenge URL: \"%.*s\" (%.*s)", hc->res.status, (int)t1->data, t1->area, (int)t2->data, t2->area);
else
memprintf(errmsg, "invalid HTTP status code %d when getting challengge URL", hc->res.status);
goto error;
}
if (ssl_sock_load_pem_into_ckch(ctx->store->path, hc->res.buf.area, ctx->store->data , errmsg) != 0)
goto error;
out:
ret = 0;
error:
free_trash_chunk(t1);
free_trash_chunk(t2);
httpclient_destroy(hc);
ctx->hc = NULL;
return ret;
}
int acme_res_chkorder(struct task *task, struct acme_ctx *ctx, char **errmsg)
{
struct httpclient *hc;
struct http_hdr *hdrs, *hdr;
struct buffer *t1 = NULL, *t2 = NULL;
int ret = 1;
hc = ctx->hc;
if (!hc)
goto error;
if ((t1 = alloc_trash_chunk()) == NULL)
goto error;
if ((t2 = alloc_trash_chunk()) == NULL)
goto error;
hdrs = hc->res.hdrs;
for (hdr = hdrs; hdrs && isttest(hdr->v); hdr++) {
if (isteqi(hdr->n, ist("Replay-Nonce"))) {
istfree(&ctx->nonce);
ctx->nonce = istdup(hdr->v);
}
}
if (hc->res.status < 200 || hc->res.status >= 300) { if (hc->res.status < 200 || hc->res.status >= 300) {
if ((ret = mjson_get_string(hc->res.buf.area, hc->res.buf.data, "$.detail", t1->area, t1->size)) > -1) if ((ret = mjson_get_string(hc->res.buf.area, hc->res.buf.data, "$.detail", t1->area, t1->size)) > -1)
t1->data = ret; t1->data = ret;
@ -1517,11 +1570,27 @@ struct task *acme_process(struct task *task, void *context, unsigned int state)
goto retry; goto retry;
} }
http_st = ACME_HTTP_REQ; http_st = ACME_HTTP_REQ;
st = ACME_CERTIFICATE;
task_wakeup(task, TASK_WOKEN_MSG);
}
break;
case ACME_CERTIFICATE:
if (http_st == ACME_HTTP_REQ) {
if (acme_http_req(task, ctx, ctx->certificate, HTTP_METH_GET, NULL, IST_NULL) != 0)
goto retry;
}
if (http_st == ACME_HTTP_RES) {
if (acme_res_certificate(task, ctx, &errmsg) != 0) {
http_st = ACME_HTTP_REQ;
goto retry;
}
http_st = ACME_HTTP_REQ;
goto end; goto end;
} }
break; break;
default: case ACME_END:
goto end;
break; break;
} }