Perform keyauth hashing in AddDNSOneChallenge, add ACME prefix #8

cpu · 2019-04-04T17:20:11Z

Presently the AddDNSOneChallenge function is quite simple and adds the provided content under the provided host:

Lines 9 to 15 in 285efd6

    
           // AddDNSOneChallenge adds a TXT record for the given host with the given 
        
           // content. 
        
           func (s *ChallSrv) AddDNSOneChallenge(host, content string) { 
        
           	s.challMu.Lock() 
        
           	defer s.challMu.Unlock() 
        
           	s.dnsOne[host] = append(s.dnsOne[host], content) 
        
           }

That means callers have to add the _acme-challenge. prefix for RFC 8555 DNS-01 challenges to the host themselves. They're also responsible for hashing the key authorization for the content argument.

Since this is a function specifically for DNS-01 it should do more of this work automatically. This is an API breaking change and will need to bump the release accordingly.

The text was updated successfully, but these errors were encountered:

cpu · 2019-04-04T18:53:05Z

It would probably be worthwhile to take this as a chance to holistically review the whole API and make similar improvements for TLS-ALPN-01 and HTTP-01 as appropriate. I think there could also be some consistency changes made in naming.

cpu added the enhancement New feature or request label Apr 4, 2019

cpu mentioned this issue Apr 4, 2019

load-generator: support all challenge types, run in CI. letsencrypt/boulder#4140

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Perform keyauth hashing in AddDNSOneChallenge, add ACME prefix #8

Perform keyauth hashing in AddDNSOneChallenge, add ACME prefix #8

cpu commented Apr 4, 2019

cpu commented Apr 4, 2019

Perform keyauth hashing in AddDNSOneChallenge, add ACME prefix #8

Perform keyauth hashing in AddDNSOneChallenge, add ACME prefix #8

Comments

cpu commented Apr 4, 2019

cpu commented Apr 4, 2019