mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-06 07:07:04 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: acme: allow "processing" in challenge requests

Browse Source 
Allow the "processing" status in the challenge object when requesting
to do the challenge, in addition to "pending".

According to RFC 8555 https://datatracker.ietf.org/doc/html/rfc8555/#section-7.1.6

   Challenge objects are created in the "pending" state.  They
   transition to the "processing" state when the client responds to the
   challenge (see Section 7.5.1)

However some CA could respond with a "processing" state without ever
transitioning to "pending".

Must be backported to 3.2.
This commit is contained in:
William Lallemand 2025-07-23 14:32:18 +02:00
parent c103123c9e
commit 02db0e6b9f
1 changed files with 1 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/acme.c
View File

@ -1230,7 +1230,7 @@ enum acme_ret acme_res_challenge(struct task *task, struct acme_ctx *ctx, struct
}
trash.data = res;
if (strncasecmp("pending", trash.area, trash.data) == 0) {
if (strncasecmp("pending", trash.area, trash.data) == 0 || strncasecmp("processing", trash.area, trash.data) == 0) {
if (chk) { /* during challenge chk */
memprintf(errmsg, "challenge status: %.*s", (int)trash.data, trash.area);
ret = ACME_RET_RETRY;
@ -1241,16 +1241,10 @@ enum acme_ret acme_res_challenge(struct task *task, struct acme_ctx *ctx, struct
}
}
/* during challenge check */
if (strncasecmp("valid", trash.area, trash.data) == 0) {
ret = ACME_RET_OK;
goto out;
}
if (strncasecmp("processing", trash.area, trash.data) == 0) {
memprintf(errmsg, "challenge status: %.*s", (int)trash.data, trash.area);
ret = ACME_RET_RETRY;
goto out;
}
if (hc->res.status < 200 || hc->res.status >= 300 || mjson_find(hc->res.buf.area, hc->res.buf.data, "$.error", NULL, NULL) == MJSON_TOK_OBJECT) {
/* XXX: need a generic URN error parser */