diff options
author | Guilhem Moulin <guilhem@debian.org> | 2023-04-25 20:07:41 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@debian.org> | 2023-04-25 20:07:41 +0200 |
commit | 5d965c73acc3c3e53a407186910cf6a7b8ccd812 (patch) | |
tree | d009d14a9ff1b0e4d87e9ae77098cd7c622186fb /client | |
parent | dc90791dea5335fb48eb23311539710aef375910 (diff) | |
parent | c80a2530eb014b34a314e078fec2589bc7969e33 (diff) |
Merge tag 'v0.8.2' into debian/latest
Release version 0.8.2
Diffstat (limited to 'client')
-rwxr-xr-x | client | 31 |
1 files changed, 17 insertions, 14 deletions
@@ -43,7 +43,7 @@ use warnings; # instance own by another user and created with umask 0177) is not a # problem since SOCKET_FD can be bound as root prior to the execve(2). -our $VERSION = '0.8.1'; +our $VERSION = '0.8.2'; my $PROTOCOL_VERSION = 1; my $NAME = 'lacme-client'; @@ -346,11 +346,12 @@ elsif ($COMMAND eq 'newOrder') { } # poll the order URL (to get the status of all challenges at once) - # until the status become 'valid' + # until the status become 'valid'; see RFC 8555 sec. 7.1.6 for the + # the status change flow my $orderstr = join(', ', map {uc($_->{type}) .":". $_->{value}} @identifiers); my $certuri; - for (my $i = 0;;) { - my $r = acme($orderurl); + for (my $i = 0, my $url = $orderurl, my $payload;;) { + my $r = acme($url => $payload); my $resp = request_json_decode($r); if (defined (my $problem = $resp->{error})) { # problem document (RFC 7807) my $msg = $problem->{status}; @@ -361,19 +362,21 @@ elsif ($COMMAND eq 'newOrder') { my $status = $resp->{status}; if (!defined $status or $status eq "invalid") { die "Error: Invalid order $orderstr\n"; - } - elsif ($status eq "ready") { - my $r = acme($order->{finalize}, {csr => encode_base64url($csr)}); - my $resp = request_json_decode($r); - $certuri = $resp->{certificate}; - last; - } - elsif ($status eq "valid") { + } elsif ($status eq "pending") { + # keep retrying + } elsif ($status eq "ready") { + $url = $order->{finalize}; + $payload = {csr => encode_base64url($csr)}; + # retry after moving to "processing" or "valid" state + next; + } elsif ($status eq "processing") { + $url = $orderurl; + undef $payload; + } elsif ($status eq "valid") { $certuri = $resp->{certificate} // die "Error: Missing \"certificate\" field in \"valid\" order\n"; last; - } - elsif ($status ne "pending" and $status ne "processing") { + } else { warn "Unknown order status: $status\n"; } |