Merge tag 'v0.8.2' into debian/latest

Release version 0.8.2
author: Guilhem Moulin <guilhem@debian.org> 2023-04-25 20:07:41 +0200
committer: Guilhem Moulin <guilhem@debian.org> 2023-04-25 20:07:41 +0200
commit: 5d965c73acc3c3e53a407186910cf6a7b8ccd812 (patch)
tree: d009d14a9ff1b0e4d87e9ae77098cd7c622186fb /client
parent: dc90791dea5335fb48eb23311539710aef375910 (diff)
parent: c80a2530eb014b34a314e078fec2589bc7969e33 (diff)
1 files changed, 17 insertions, 14 deletions
diff --git a/client b/client
index 3cda821..d993518 100755
--- a/client
+++ b/client
@@ -43,7 +43,7 @@ use warnings;
 # instance own by another user and created with umask 0177) is not a
 # problem since SOCKET_FD can be bound as root prior to the execve(2).
 
-our $VERSION = '0.8.1';
+our $VERSION = '0.8.2';
 my $PROTOCOL_VERSION = 1;
 my $NAME = 'lacme-client';
 
@@ -346,11 +346,12 @@ elsif ($COMMAND eq 'newOrder') {
     }
 
     # poll the order URL (to get the status of all challenges at once)
-    # until the status become 'valid'
+    # until the status become 'valid'; see RFC 8555 sec. 7.1.6 for the
+    # the status change flow
     my $orderstr = join(', ', map {uc($_->{type}) .":". $_->{value}} @identifiers);
     my $certuri;
-    for (my $i = 0;;) {
-        my $r = acme($orderurl);
+    for (my $i = 0, my $url = $orderurl, my $payload;;) {
+        my $r = acme($url => $payload);
         my $resp = request_json_decode($r);
         if (defined (my $problem = $resp->{error})) { # problem document (RFC 7807)
             my $msg = $problem->{status};
@@ -361,19 +362,21 @@ elsif ($COMMAND eq 'newOrder') {
         my $status = $resp->{status};
         if (!defined $status or $status eq "invalid") {
             die "Error: Invalid order $orderstr\n";
-        }
-        elsif ($status eq "ready") {
-            my $r = acme($order->{finalize}, {csr => encode_base64url($csr)});
-            my $resp = request_json_decode($r);
-            $certuri = $resp->{certificate};
-            last;
-        }
-        elsif ($status eq "valid") {
+        } elsif ($status eq "pending") {
+            # keep retrying
+        } elsif ($status eq "ready") {
+            $url = $order->{finalize};
+            $payload = {csr => encode_base64url($csr)};
+            # retry after moving to "processing" or "valid" state
+            next;
+        } elsif ($status eq "processing") {
+            $url = $orderurl;
+            undef $payload;
+        } elsif ($status eq "valid") {
             $certuri = $resp->{certificate} //
                 die "Error: Missing \"certificate\" field in \"valid\" order\n";
             last;
-        }
-        elsif ($status ne "pending" and $status ne "processing") {
+        } else {
             warn "Unknown order status: $status\n";
         }
author	Guilhem Moulin <guilhem@debian.org>	2023-04-25 20:07:41 +0200
committer	Guilhem Moulin <guilhem@debian.org>	2023-04-25 20:07:41 +0200
commit	5d965c73acc3c3e53a407186910cf6a7b8ccd812 (patch)
tree	d009d14a9ff1b0e4d87e9ae77098cd7c622186fb /client
parent	dc90791dea5335fb48eb23311539710aef375910 (diff)
parent	c80a2530eb014b34a314e078fec2589bc7969e33 (diff)