1
0
mirror of https://github.com/go-acme/lego.git synced 2024-12-26 11:18:00 +02:00

Update ACME RFC links from draft to RFC8555. (#1004)

This commit is contained in:
Ludovic Fernandez 2019-11-05 17:58:30 +01:00 committed by GitHub
parent 738e40f446
commit fa5555d3f4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 29 additions and 29 deletions

View File

@ -71,7 +71,7 @@ func (a *Core) post(uri string, reqBody, response interface{}) (*http.Response,
} }
// postAsGet performs an HTTP POST ("POST-as-GET") request. // postAsGet performs an HTTP POST ("POST-as-GET") request.
// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-6.3 // https://tools.ietf.org/html/rfc8555#section-6.3
func (a *Core) postAsGet(uri string, response interface{}) (*http.Response, error) { func (a *Core) postAsGet(uri string, response interface{}) (*http.Response, error) {
return a.retrievablePost(uri, []byte{}, response) return a.retrievablePost(uri, []byte{}, response)
} }

View File

@ -71,7 +71,7 @@ func (c *CertificateService) get(certURL string) ([]byte, string, error) {
// The issuer certificate link may be supplied via an "up" link // The issuer certificate link may be supplied via an "up" link
// in the response headers of a new certificate. // in the response headers of a new certificate.
// See https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.4.2 // See https://tools.ietf.org/html/rfc8555#section-7.4.2
up := getLink(resp.Header, "up") up := getLink(resp.Header, "up")
return cert, up, err return cert, up, err

View File

@ -1,5 +1,5 @@
// Package acme contains all objects related the ACME endpoints. // Package acme contains all objects related the ACME endpoints.
// https://tools.ietf.org/html/draft-ietf-acme-acme-16 // https://tools.ietf.org/html/rfc8555
package acme package acme
import ( import (
@ -8,7 +8,7 @@ import (
) )
// Challenge statuses // Challenge statuses
// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.6 // https://tools.ietf.org/html/rfc8555#section-7.1.6
const ( const (
StatusPending = "pending" StatusPending = "pending"
StatusInvalid = "invalid" StatusInvalid = "invalid"
@ -20,7 +20,7 @@ const (
) )
// Directory the ACME directory object. // Directory the ACME directory object.
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.1 // - https://tools.ietf.org/html/rfc8555#section-7.1.1
type Directory struct { type Directory struct {
NewNonceURL string `json:"newNonce"` NewNonceURL string `json:"newNonce"`
NewAccountURL string `json:"newAccount"` NewAccountURL string `json:"newAccount"`
@ -32,7 +32,7 @@ type Directory struct {
} }
// Meta the ACME meta object (related to Directory). // Meta the ACME meta object (related to Directory).
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.1 // - https://tools.ietf.org/html/rfc8555#section-7.1.1
type Meta struct { type Meta struct {
// termsOfService (optional, string): // termsOfService (optional, string):
// A URL identifying the current terms of service. // A URL identifying the current terms of service.
@ -65,8 +65,8 @@ type ExtendedAccount struct {
} }
// Account the ACME account Object. // Account the ACME account Object.
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.2 // - https://tools.ietf.org/html/rfc8555#section-7.1.2
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.3 // - https://tools.ietf.org/html/rfc8555#section-7.3
type Account struct { type Account struct {
// status (required, string): // status (required, string):
// The status of this account. // The status of this account.
@ -111,7 +111,7 @@ type ExtendedOrder struct {
} }
// Order the ACME order Object. // Order the ACME order Object.
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.3 // - https://tools.ietf.org/html/rfc8555#section-7.1.3
type Order struct { type Order struct {
// status (required, string): // status (required, string):
// The status of this order. // The status of this order.
@ -164,7 +164,7 @@ type Order struct {
} }
// Authorization the ACME authorization object. // Authorization the ACME authorization object.
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.4 // - https://tools.ietf.org/html/rfc8555#section-7.1.4
type Authorization struct { type Authorization struct {
// status (required, string): // status (required, string):
// The status of this authorization. // The status of this authorization.
@ -206,8 +206,8 @@ type ExtendedChallenge struct {
} }
// Challenge the ACME challenge object. // Challenge the ACME challenge object.
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.5 // - https://tools.ietf.org/html/rfc8555#section-7.1.5
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8 // - https://tools.ietf.org/html/rfc8555#section-8
type Challenge struct { type Challenge struct {
// type (required, string): // type (required, string):
// The type of challenge encoded in the object. // The type of challenge encoded in the object.
@ -240,23 +240,23 @@ type Challenge struct {
// It MUST NOT contain any characters outside the base64url alphabet, // It MUST NOT contain any characters outside the base64url alphabet,
// and MUST NOT include base64 padding characters ("="). // and MUST NOT include base64 padding characters ("=").
// See [RFC4086] for additional information on randomness requirements. // See [RFC4086] for additional information on randomness requirements.
// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.3 // https://tools.ietf.org/html/rfc8555#section-8.3
// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.4 // https://tools.ietf.org/html/rfc8555#section-8.4
Token string `json:"token"` Token string `json:"token"`
// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.1 // https://tools.ietf.org/html/rfc8555#section-8.1
KeyAuthorization string `json:"keyAuthorization"` KeyAuthorization string `json:"keyAuthorization"`
} }
// Identifier the ACME identifier object. // Identifier the ACME identifier object.
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-9.7.7 // - https://tools.ietf.org/html/rfc8555#section-9.7.7
type Identifier struct { type Identifier struct {
Type string `json:"type"` Type string `json:"type"`
Value string `json:"value"` Value string `json:"value"`
} }
// CSRMessage Certificate Signing Request // CSRMessage Certificate Signing Request
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.4 // - https://tools.ietf.org/html/rfc8555#section-7.4
type CSRMessage struct { type CSRMessage struct {
// csr (required, string): // csr (required, string):
// A CSR encoding the parameters for the certificate being requested [RFC2986]. // A CSR encoding the parameters for the certificate being requested [RFC2986].
@ -266,7 +266,7 @@ type CSRMessage struct {
} }
// RevokeCertMessage a certificate revocation message // RevokeCertMessage a certificate revocation message
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.6 // - https://tools.ietf.org/html/rfc8555#section-7.6
// - https://tools.ietf.org/html/rfc5280#section-5.3.1 // - https://tools.ietf.org/html/rfc5280#section-5.3.1
type RevokeCertMessage struct { type RevokeCertMessage struct {
// certificate (required, string): // certificate (required, string):

View File

@ -12,7 +12,7 @@ const (
// ProblemDetails the problem details object // ProblemDetails the problem details object
// - https://tools.ietf.org/html/rfc7807#section-3.1 // - https://tools.ietf.org/html/rfc7807#section-3.1
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.3.3 // - https://tools.ietf.org/html/rfc8555#section-7.3.3
type ProblemDetails struct { type ProblemDetails struct {
Type string `json:"type,omitempty"` Type string `json:"type,omitempty"`
Detail string `json:"detail,omitempty"` Detail string `json:"detail,omitempty"`
@ -26,7 +26,7 @@ type ProblemDetails struct {
} }
// SubProblem a "subproblems" // SubProblem a "subproblems"
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-6.7.1 // - https://tools.ietf.org/html/rfc8555#section-6.7.1
type SubProblem struct { type SubProblem struct {
Type string `json:"type,omitempty"` Type string `json:"type,omitempty"`
Detail string `json:"detail,omitempty"` Detail string `json:"detail,omitempty"`

View File

@ -210,8 +210,8 @@ func (c *Certifier) getForOrder(domains []string, order acme.ExtendedOrder, bund
// Determine certificate name(s) based on the authorization resources // Determine certificate name(s) based on the authorization resources
commonName := domains[0] commonName := domains[0]
// ACME draft Section 7.4 "Applying for Certificate Issuance" // RFC8555 Section 7.4 "Applying for Certificate Issuance"
// https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.4 // https://tools.ietf.org/html/rfc8555#section-7.4
// says: // says:
// Clients SHOULD NOT make any assumptions about the sort order of // Clients SHOULD NOT make any assumptions about the sort order of
// "identifiers" or "authorizations" elements in the returned order // "identifiers" or "authorizations" elements in the returned order
@ -502,7 +502,7 @@ func checkOrderStatus(order acme.Order) (bool, error) {
} }
} }
// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.4 // https://tools.ietf.org/html/rfc8555#section-7.1.4
// The domain name MUST be encoded // The domain name MUST be encoded
// in the form in which it would appear in a certificate. That is, it // in the form in which it would appear in a certificate. That is, it
// MUST be encoded according to the rules in Section 7 of [RFC5280]. // MUST be encoded according to the rules in Section 7 of [RFC5280].

View File

@ -10,15 +10,15 @@ import (
type Type string type Type string
const ( const (
// HTTP01 is the "http-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.3 // HTTP01 is the "http-01" ACME challenge https://tools.ietf.org/html/rfc8555#section-8.3
// Note: ChallengePath returns the URL path to fulfill this challenge // Note: ChallengePath returns the URL path to fulfill this challenge
HTTP01 = Type("http-01") HTTP01 = Type("http-01")
// DNS01 is the "dns-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.4 // DNS01 is the "dns-01" ACME challenge https://tools.ietf.org/html/rfc8555#section-8.4
// Note: GetRecord returns a DNS record which will fulfill this challenge // Note: GetRecord returns a DNS record which will fulfill this challenge
DNS01 = Type("dns-01") DNS01 = Type("dns-01")
// TLSALPN01 is the "tls-alpn-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05 // TLSALPN01 is the "tls-alpn-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07
TLSALPN01 = Type("tls-alpn-01") TLSALPN01 = Type("tls-alpn-01")
) )

View File

@ -16,7 +16,7 @@ import (
) )
// idPeAcmeIdentifierV1 is the SMI Security for PKIX Certification Extension OID referencing the ACME extension. // idPeAcmeIdentifierV1 is the SMI Security for PKIX Certification Extension OID referencing the ACME extension.
// Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05#section-5.1 // Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07#section-6.1
var idPeAcmeIdentifierV1 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31} var idPeAcmeIdentifierV1 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}
type ValidateFunc func(core *api.Core, domain string, chlng acme.Challenge) error type ValidateFunc func(core *api.Core, domain string, chlng acme.Challenge) error
@ -83,7 +83,7 @@ func ChallengeBlocks(domain, keyAuth string) ([]byte, []byte, error) {
// Add the keyAuth digest as the acmeValidation-v1 extension // Add the keyAuth digest as the acmeValidation-v1 extension
// (marked as critical such that it won't be used by non-ACME software). // (marked as critical such that it won't be used by non-ACME software).
// Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05#section-3 // Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07#section-3
extensions := []pkix.Extension{ extensions := []pkix.Extension{
{ {
Id: idPeAcmeIdentifierV1, Id: idPeAcmeIdentifierV1,

View File

@ -60,7 +60,7 @@ func (s *ProviderServer) Present(domain, token, keyAuth string) error {
// We must set that the `acme-tls/1` application level protocol is supported // We must set that the `acme-tls/1` application level protocol is supported
// so that the protocol negotiation can succeed. Reference: // so that the protocol negotiation can succeed. Reference:
// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01#section-5.2 // https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07#section-6.2
tlsConf.NextProtos = []string{ACMETLS1Protocol} tlsConf.NextProtos = []string{ACMETLS1Protocol}
// Create the listener with the created tls.Config. // Create the listener with the created tls.Config.