Diffstat (limited to 'client')
-rwxr-xr-x | client | 31 |
1 files changed, 17 insertions, 14 deletions
@@ -43,7 +43,7 @@ use warnings; # instance own by another user and created with umask 0177) is not a # problem since SOCKET_FD can be bound as root prior to the execve(2). -our $VERSION = '0.8.1'; +our $VERSION = '0.8.2'; my $PROTOCOL_VERSION = 1; my $NAME = 'lacme-client'; @@ -346,11 +346,12 @@ elsif ($COMMAND eq 'newOrder') { } # poll the order URL (to get the status of all challenges at once) - # until the status become 'valid' + # until the status become 'valid'; see RFC 8555 sec. 7.1.6 for the + # the status change flow my $orderstr = join(', ', map {uc($_->{type}) .":". $_->{value}} @identifiers); my $certuri; - for (my $i = 0;;) { - my $r = acme($orderurl); + for (my $i = 0, my $url = $orderurl, my $payload;;) { + my $r = acme($url => $payload); my $resp = request_json_decode($r); if (defined (my $problem = $resp->{error})) { # problem document (RFC 7807) my $msg = $problem->{status}; @@ -361,19 +362,21 @@ elsif ($COMMAND eq 'newOrder') { my $status = $resp->{status}; if (!defined $status or $status eq "invalid") { die "Error: Invalid order $orderstr\n"; - } - elsif ($status eq "ready") { - my $r = acme($order->{finalize}, {csr => encode_base64url($csr)}); - my $resp = request_json_decode($r); - $certuri = $resp->{certificate}; - last; - } - elsif ($status eq "valid") { + } elsif ($status eq "pending") { + # keep retrying + } elsif ($status eq "ready") { + $url = $order->{finalize}; + $payload = {csr => encode_base64url($csr)}; + # retry after moving to "processing" or "valid" state + next; + } elsif ($status eq "processing") { + $url = $orderurl; + undef $payload; + } elsif ($status eq "valid") { $certuri = $resp->{certificate} // die "Error: Missing \"certificate\" field in \"valid\" order\n"; last; - } - elsif ($status ne "pending" and $status ne "processing") { + } else { warn "Unknown order status: $status\n"; } |
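Review bot: The new loop header `for (my $i = 0, my $url = $orderurl, my $payload;;)` carries the request state, but nothing states what the `$url`/`$payload` pair means. A comment above the `for`, such as `# $payload is defined only while the next request is the finalize POST; otherwise we poll $orderurl`, would make the state machine readable. The added comment also reads "for the the status change flow", with a doubled "the". The loop body continues past this hunk.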
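Review bot: The `ready` branch ends in `next`, which skips the rest of the loop body. Since `$i` is never advanced in the `for` header, any retry bound or delay presumably sits in that skipped part, which lies outside this hunk. If the server answers the finalize POST with `ready` again, the client re-sends the CSR immediately and without limit, so a misbehaving ACME endpoint can keep it spinning. Adding `die "Error: Order $orderstr still \"ready\" after finalize\n" if defined $payload;` before `$url = $order->{finalize};` makes the finalize request one-shot. The `pending` and unknown-status branches also leave `$url` and `$payload` as they are, so a reply of that kind to the finalize POST would repeat the POST instead of polling `$orderurl`.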