mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-21 05:41:26 +02:00
9ee14ed2d9
DNS-01 needs a external process which would register a TXT record on a
DNS provider, using a REST API or something else.
To achieve this, the process should read the dpapi sink and wait for
events. With the DNS-01 challenge, HAProxy will put the task to sleep
before asking the ACME server to achieve the challenge. The task then
need to be woke up, using the command implemented by this patch.
This patch implements the "acme challenge_ready" command which should be
used by the agent once the challenge was configured in order to wake the
task up.
Example:
echo "@1 acme challenge_ready foobar.pem.rsa domain kikyo" | socat /tmp/master.sock -
101 lines
2.5 KiB
C
101 lines
2.5 KiB
C
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
|
#ifndef _ACME_T_H_
|
|
#define _ACME_T_H_
|
|
|
|
#include <haproxy/istbuf.h>
|
|
#include <haproxy/openssl-compat.h>
|
|
|
|
#define ACME_RETRY 5
|
|
|
|
/* acme section configuration */
|
|
struct acme_cfg {
|
|
char *filename; /* config filename */
|
|
int linenum; /* config linenum */
|
|
char *name; /* section name */
|
|
char *directory; /* directory URL */
|
|
char *map; /* storage for tokens + thumbprint */
|
|
struct {
|
|
char *contact; /* email associated to account */
|
|
char *file; /* account key filename */
|
|
EVP_PKEY *pkey; /* account PKEY */
|
|
char *thumbprint; /* account PKEY JWS thumbprint */
|
|
} account;
|
|
|
|
struct {
|
|
int type; /* EVP_PKEY_EC or EVP_PKEY_RSA */
|
|
int bits; /* bits for RSA */
|
|
int curves; /* NID of curves */
|
|
} key;
|
|
char *challenge; /* HTTP-01, DNS-01, etc */
|
|
struct acme_cfg *next;
|
|
};
|
|
|
|
enum acme_st {
|
|
ACME_RESOURCES = 0,
|
|
ACME_NEWNONCE,
|
|
ACME_CHKACCOUNT,
|
|
ACME_NEWACCOUNT,
|
|
ACME_NEWORDER,
|
|
ACME_AUTH,
|
|
ACME_CHALLENGE,
|
|
ACME_CHKCHALLENGE,
|
|
ACME_FINALIZE,
|
|
ACME_CHKORDER,
|
|
ACME_CERTIFICATE,
|
|
ACME_END
|
|
};
|
|
|
|
enum http_st {
|
|
ACME_HTTP_REQ,
|
|
ACME_HTTP_RES,
|
|
};
|
|
|
|
struct acme_auth {
|
|
struct ist dns; /* dns entry */
|
|
struct ist auth; /* auth URI */
|
|
struct ist chall; /* challenge URI */
|
|
struct ist token; /* token */
|
|
int ready; /* is the challenge ready ? */
|
|
void *next;
|
|
};
|
|
|
|
/* acme task context */
|
|
struct acme_ctx {
|
|
enum acme_st state;
|
|
enum http_st http_state;
|
|
int retries;
|
|
int retryafter;
|
|
struct httpclient *hc;
|
|
struct acme_cfg *cfg;
|
|
struct ckch_store *store;
|
|
struct {
|
|
struct ist newNonce;
|
|
struct ist newAccount;
|
|
struct ist newOrder;
|
|
} resources;
|
|
struct ist nonce;
|
|
struct ist kid;
|
|
struct ist order;
|
|
struct acme_auth *auths;
|
|
struct acme_auth *next_auth;
|
|
X509_REQ *req;
|
|
struct ist finalize;
|
|
struct ist certificate;
|
|
struct task *task;
|
|
struct mt_list el;
|
|
};
|
|
|
|
#define ACME_EV_SCHED (1ULL << 0) /* scheduling wakeup */
|
|
#define ACME_EV_NEW (1ULL << 1) /* new task */
|
|
#define ACME_EV_TASK (1ULL << 2) /* Task handler */
|
|
#define ACME_EV_REQ (1ULL << 3) /* HTTP Request */
|
|
#define ACME_EV_RES (1ULL << 4) /* HTTP Response */
|
|
|
|
#define ACME_VERB_CLEAN 1
|
|
#define ACME_VERB_MINIMAL 2
|
|
#define ACME_VERB_SIMPLE 3
|
|
#define ACME_VERB_ADVANCED 4
|
|
#define ACME_VERB_COMPLETE 5
|
|
|
|
#endif
|