mirror of
https://github.com/go-acme/lego.git
synced 2024-12-26 11:18:00 +02:00
Update ACME RFC links from draft to RFC8555. (#1004)
This commit is contained in:
parent
738e40f446
commit
fa5555d3f4
@ -71,7 +71,7 @@ func (a *Core) post(uri string, reqBody, response interface{}) (*http.Response,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// postAsGet performs an HTTP POST ("POST-as-GET") request.
|
// postAsGet performs an HTTP POST ("POST-as-GET") request.
|
||||||
// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-6.3
|
// https://tools.ietf.org/html/rfc8555#section-6.3
|
||||||
func (a *Core) postAsGet(uri string, response interface{}) (*http.Response, error) {
|
func (a *Core) postAsGet(uri string, response interface{}) (*http.Response, error) {
|
||||||
return a.retrievablePost(uri, []byte{}, response)
|
return a.retrievablePost(uri, []byte{}, response)
|
||||||
}
|
}
|
||||||
|
@ -71,7 +71,7 @@ func (c *CertificateService) get(certURL string) ([]byte, string, error) {
|
|||||||
|
|
||||||
// The issuer certificate link may be supplied via an "up" link
|
// The issuer certificate link may be supplied via an "up" link
|
||||||
// in the response headers of a new certificate.
|
// in the response headers of a new certificate.
|
||||||
// See https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.4.2
|
// See https://tools.ietf.org/html/rfc8555#section-7.4.2
|
||||||
up := getLink(resp.Header, "up")
|
up := getLink(resp.Header, "up")
|
||||||
|
|
||||||
return cert, up, err
|
return cert, up, err
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
// Package acme contains all objects related the ACME endpoints.
|
// Package acme contains all objects related the ACME endpoints.
|
||||||
// https://tools.ietf.org/html/draft-ietf-acme-acme-16
|
// https://tools.ietf.org/html/rfc8555
|
||||||
package acme
|
package acme
|
||||||
|
|
||||||
import (
|
import (
|
||||||
@ -8,7 +8,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// Challenge statuses
|
// Challenge statuses
|
||||||
// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.6
|
// https://tools.ietf.org/html/rfc8555#section-7.1.6
|
||||||
const (
|
const (
|
||||||
StatusPending = "pending"
|
StatusPending = "pending"
|
||||||
StatusInvalid = "invalid"
|
StatusInvalid = "invalid"
|
||||||
@ -20,7 +20,7 @@ const (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// Directory the ACME directory object.
|
// Directory the ACME directory object.
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.1
|
// - https://tools.ietf.org/html/rfc8555#section-7.1.1
|
||||||
type Directory struct {
|
type Directory struct {
|
||||||
NewNonceURL string `json:"newNonce"`
|
NewNonceURL string `json:"newNonce"`
|
||||||
NewAccountURL string `json:"newAccount"`
|
NewAccountURL string `json:"newAccount"`
|
||||||
@ -32,7 +32,7 @@ type Directory struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Meta the ACME meta object (related to Directory).
|
// Meta the ACME meta object (related to Directory).
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.1
|
// - https://tools.ietf.org/html/rfc8555#section-7.1.1
|
||||||
type Meta struct {
|
type Meta struct {
|
||||||
// termsOfService (optional, string):
|
// termsOfService (optional, string):
|
||||||
// A URL identifying the current terms of service.
|
// A URL identifying the current terms of service.
|
||||||
@ -65,8 +65,8 @@ type ExtendedAccount struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Account the ACME account Object.
|
// Account the ACME account Object.
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.2
|
// - https://tools.ietf.org/html/rfc8555#section-7.1.2
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.3
|
// - https://tools.ietf.org/html/rfc8555#section-7.3
|
||||||
type Account struct {
|
type Account struct {
|
||||||
// status (required, string):
|
// status (required, string):
|
||||||
// The status of this account.
|
// The status of this account.
|
||||||
@ -111,7 +111,7 @@ type ExtendedOrder struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Order the ACME order Object.
|
// Order the ACME order Object.
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.3
|
// - https://tools.ietf.org/html/rfc8555#section-7.1.3
|
||||||
type Order struct {
|
type Order struct {
|
||||||
// status (required, string):
|
// status (required, string):
|
||||||
// The status of this order.
|
// The status of this order.
|
||||||
@ -164,7 +164,7 @@ type Order struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Authorization the ACME authorization object.
|
// Authorization the ACME authorization object.
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.4
|
// - https://tools.ietf.org/html/rfc8555#section-7.1.4
|
||||||
type Authorization struct {
|
type Authorization struct {
|
||||||
// status (required, string):
|
// status (required, string):
|
||||||
// The status of this authorization.
|
// The status of this authorization.
|
||||||
@ -206,8 +206,8 @@ type ExtendedChallenge struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Challenge the ACME challenge object.
|
// Challenge the ACME challenge object.
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.5
|
// - https://tools.ietf.org/html/rfc8555#section-7.1.5
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8
|
// - https://tools.ietf.org/html/rfc8555#section-8
|
||||||
type Challenge struct {
|
type Challenge struct {
|
||||||
// type (required, string):
|
// type (required, string):
|
||||||
// The type of challenge encoded in the object.
|
// The type of challenge encoded in the object.
|
||||||
@ -240,23 +240,23 @@ type Challenge struct {
|
|||||||
// It MUST NOT contain any characters outside the base64url alphabet,
|
// It MUST NOT contain any characters outside the base64url alphabet,
|
||||||
// and MUST NOT include base64 padding characters ("=").
|
// and MUST NOT include base64 padding characters ("=").
|
||||||
// See [RFC4086] for additional information on randomness requirements.
|
// See [RFC4086] for additional information on randomness requirements.
|
||||||
// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.3
|
// https://tools.ietf.org/html/rfc8555#section-8.3
|
||||||
// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.4
|
// https://tools.ietf.org/html/rfc8555#section-8.4
|
||||||
Token string `json:"token"`
|
Token string `json:"token"`
|
||||||
|
|
||||||
// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.1
|
// https://tools.ietf.org/html/rfc8555#section-8.1
|
||||||
KeyAuthorization string `json:"keyAuthorization"`
|
KeyAuthorization string `json:"keyAuthorization"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Identifier the ACME identifier object.
|
// Identifier the ACME identifier object.
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-9.7.7
|
// - https://tools.ietf.org/html/rfc8555#section-9.7.7
|
||||||
type Identifier struct {
|
type Identifier struct {
|
||||||
Type string `json:"type"`
|
Type string `json:"type"`
|
||||||
Value string `json:"value"`
|
Value string `json:"value"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// CSRMessage Certificate Signing Request
|
// CSRMessage Certificate Signing Request
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.4
|
// - https://tools.ietf.org/html/rfc8555#section-7.4
|
||||||
type CSRMessage struct {
|
type CSRMessage struct {
|
||||||
// csr (required, string):
|
// csr (required, string):
|
||||||
// A CSR encoding the parameters for the certificate being requested [RFC2986].
|
// A CSR encoding the parameters for the certificate being requested [RFC2986].
|
||||||
@ -266,7 +266,7 @@ type CSRMessage struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// RevokeCertMessage a certificate revocation message
|
// RevokeCertMessage a certificate revocation message
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.6
|
// - https://tools.ietf.org/html/rfc8555#section-7.6
|
||||||
// - https://tools.ietf.org/html/rfc5280#section-5.3.1
|
// - https://tools.ietf.org/html/rfc5280#section-5.3.1
|
||||||
type RevokeCertMessage struct {
|
type RevokeCertMessage struct {
|
||||||
// certificate (required, string):
|
// certificate (required, string):
|
||||||
|
@ -12,7 +12,7 @@ const (
|
|||||||
|
|
||||||
// ProblemDetails the problem details object
|
// ProblemDetails the problem details object
|
||||||
// - https://tools.ietf.org/html/rfc7807#section-3.1
|
// - https://tools.ietf.org/html/rfc7807#section-3.1
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.3.3
|
// - https://tools.ietf.org/html/rfc8555#section-7.3.3
|
||||||
type ProblemDetails struct {
|
type ProblemDetails struct {
|
||||||
Type string `json:"type,omitempty"`
|
Type string `json:"type,omitempty"`
|
||||||
Detail string `json:"detail,omitempty"`
|
Detail string `json:"detail,omitempty"`
|
||||||
@ -26,7 +26,7 @@ type ProblemDetails struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// SubProblem a "subproblems"
|
// SubProblem a "subproblems"
|
||||||
// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-6.7.1
|
// - https://tools.ietf.org/html/rfc8555#section-6.7.1
|
||||||
type SubProblem struct {
|
type SubProblem struct {
|
||||||
Type string `json:"type,omitempty"`
|
Type string `json:"type,omitempty"`
|
||||||
Detail string `json:"detail,omitempty"`
|
Detail string `json:"detail,omitempty"`
|
||||||
|
@ -210,8 +210,8 @@ func (c *Certifier) getForOrder(domains []string, order acme.ExtendedOrder, bund
|
|||||||
// Determine certificate name(s) based on the authorization resources
|
// Determine certificate name(s) based on the authorization resources
|
||||||
commonName := domains[0]
|
commonName := domains[0]
|
||||||
|
|
||||||
// ACME draft Section 7.4 "Applying for Certificate Issuance"
|
// RFC8555 Section 7.4 "Applying for Certificate Issuance"
|
||||||
// https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.4
|
// https://tools.ietf.org/html/rfc8555#section-7.4
|
||||||
// says:
|
// says:
|
||||||
// Clients SHOULD NOT make any assumptions about the sort order of
|
// Clients SHOULD NOT make any assumptions about the sort order of
|
||||||
// "identifiers" or "authorizations" elements in the returned order
|
// "identifiers" or "authorizations" elements in the returned order
|
||||||
@ -502,7 +502,7 @@ func checkOrderStatus(order acme.Order) (bool, error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.4
|
// https://tools.ietf.org/html/rfc8555#section-7.1.4
|
||||||
// The domain name MUST be encoded
|
// The domain name MUST be encoded
|
||||||
// in the form in which it would appear in a certificate. That is, it
|
// in the form in which it would appear in a certificate. That is, it
|
||||||
// MUST be encoded according to the rules in Section 7 of [RFC5280].
|
// MUST be encoded according to the rules in Section 7 of [RFC5280].
|
||||||
|
@ -10,15 +10,15 @@ import (
|
|||||||
type Type string
|
type Type string
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// HTTP01 is the "http-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.3
|
// HTTP01 is the "http-01" ACME challenge https://tools.ietf.org/html/rfc8555#section-8.3
|
||||||
// Note: ChallengePath returns the URL path to fulfill this challenge
|
// Note: ChallengePath returns the URL path to fulfill this challenge
|
||||||
HTTP01 = Type("http-01")
|
HTTP01 = Type("http-01")
|
||||||
|
|
||||||
// DNS01 is the "dns-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.4
|
// DNS01 is the "dns-01" ACME challenge https://tools.ietf.org/html/rfc8555#section-8.4
|
||||||
// Note: GetRecord returns a DNS record which will fulfill this challenge
|
// Note: GetRecord returns a DNS record which will fulfill this challenge
|
||||||
DNS01 = Type("dns-01")
|
DNS01 = Type("dns-01")
|
||||||
|
|
||||||
// TLSALPN01 is the "tls-alpn-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05
|
// TLSALPN01 is the "tls-alpn-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07
|
||||||
TLSALPN01 = Type("tls-alpn-01")
|
TLSALPN01 = Type("tls-alpn-01")
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// idPeAcmeIdentifierV1 is the SMI Security for PKIX Certification Extension OID referencing the ACME extension.
|
// idPeAcmeIdentifierV1 is the SMI Security for PKIX Certification Extension OID referencing the ACME extension.
|
||||||
// Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05#section-5.1
|
// Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07#section-6.1
|
||||||
var idPeAcmeIdentifierV1 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}
|
var idPeAcmeIdentifierV1 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}
|
||||||
|
|
||||||
type ValidateFunc func(core *api.Core, domain string, chlng acme.Challenge) error
|
type ValidateFunc func(core *api.Core, domain string, chlng acme.Challenge) error
|
||||||
@ -83,7 +83,7 @@ func ChallengeBlocks(domain, keyAuth string) ([]byte, []byte, error) {
|
|||||||
|
|
||||||
// Add the keyAuth digest as the acmeValidation-v1 extension
|
// Add the keyAuth digest as the acmeValidation-v1 extension
|
||||||
// (marked as critical such that it won't be used by non-ACME software).
|
// (marked as critical such that it won't be used by non-ACME software).
|
||||||
// Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05#section-3
|
// Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07#section-3
|
||||||
extensions := []pkix.Extension{
|
extensions := []pkix.Extension{
|
||||||
{
|
{
|
||||||
Id: idPeAcmeIdentifierV1,
|
Id: idPeAcmeIdentifierV1,
|
||||||
|
@ -60,7 +60,7 @@ func (s *ProviderServer) Present(domain, token, keyAuth string) error {
|
|||||||
|
|
||||||
// We must set that the `acme-tls/1` application level protocol is supported
|
// We must set that the `acme-tls/1` application level protocol is supported
|
||||||
// so that the protocol negotiation can succeed. Reference:
|
// so that the protocol negotiation can succeed. Reference:
|
||||||
// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01#section-5.2
|
// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07#section-6.2
|
||||||
tlsConf.NextProtos = []string{ACMETLS1Protocol}
|
tlsConf.NextProtos = []string{ACMETLS1Protocol}
|
||||||
|
|
||||||
// Create the listener with the created tls.Config.
|
// Create the listener with the created tls.Config.
|
||||||
|
Loading…
Reference in New Issue
Block a user