7 changes: 5 additions & 2 deletions README.md
@@ -201,8 +201,11 @@ restart unless [state_path](#state_path) is configured.

Sets challenge type used for this issuer. Allowed values:

- `http-01`
- `tls-alpn-01`
- `http-01` (`http`)
- `tls-alpn-01` (`tls-alpn`)

ACME challenges are versioned, but if you specify an unversioned name,
the module will select the latest implemented version automatically.

### contact

11 changes: 0 additions & 11 deletions src/acme/types.rs
@@ -157,17 +157,6 @@ pub enum ChallengeKind {
Other(String),
}

impl From<&str> for ChallengeKind {
fn from(s: &str) -> Self {
match s {
"http-01" => ChallengeKind::Http01,
"dns-01" => ChallengeKind::Dns01,
"tls-alpn-01" => ChallengeKind::TlsAlpn01,
_ => ChallengeKind::Other(s.to_string()),
}
}
}

#[derive(Clone, Debug, Deserialize, Eq, PartialEq)]
#[serde(rename_all = "camelCase")]
pub enum ChallengeStatus {
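--- a/src/conf.rs
+++ b/src/conf.rs
@@ -338,15 +338,15 @@ extern "C" fn cmd_issuer_set_challenge(
 }
 
 // NGX_CONF_TAKE1 ensures that args contains 2 elements
-let args = cf.args();
+let val = cf.args()[1];
 
-let Ok(val) = core::str::from_utf8(args[1].as_bytes()) else {
-return NGX_CONF_ERROR;
-};
-let val = ChallengeKind::from(val);
-if !matches!(val, ChallengeKind::Http01 | ChallengeKind::TlsAlpn01) {
-ngx_conf_log_error!(NGX_LOG_EMERG, cf, "unsupported challenge type: {val:?}");
-return NGX_CONF_ERROR;
+let val = match val.as_bytes() {
+b"http" | b"http-01" => ChallengeKind::Http01,
+b"tls-alpn" | b"tls-alpn-01" => ChallengeKind::TlsAlpn01,
+_ => {
+ngx_conf_log_error!(NGX_LOG_EMERG, cf, "unsupported challenge: {val}");
+return NGX_CONF_ERROR;
+}
 };
 
 issuer.challenge = Some(val);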
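Review bot: The alias-to-version mapping in the new `match` (`b"http" | b"http-01"`, `b"tls-alpn" | b"tls-alpn-01"`) has no comment recording the README's promise that an unversioned name selects the latest implemented version, so a later challenge version could be added without retargeting the alias. I would add above the match: `// unversioned names are aliases for the latest implemented version; retarget them when a newer version is added`. Separately, the removed code rejected a non-UTF-8 argument before anything was logged, while the new fallback arm formats the raw argument with `{val}`; what reaches the error log for invalid bytes depends on that type's `Display` impl, which is not visible here and is worth confirming. `cmd_issuer_set_challenge` starts and ends outside this hunk.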
17 changes: 16 additions & 1 deletion t/acme_conf_issuer.t
@@ -24,7 +24,7 @@ use Test::Nginx;
select STDERR; $| = 1;
select STDOUT; $| = 1;

my $t = Test::Nginx->new()->has(qw/http http_ssl/)->plan(7);
my $t = Test::Nginx->new()->has(qw/http http_ssl/)->plan(8);

use constant TEMPLATE_CONF => <<'EOF';
@@ -67,6 +67,7 @@ acme_shared_zone zone=ngx_acme_shared:1M;
acme_issuer example {
uri https://localhost:%%PORT_9000%%/dir;
account_key ecdsa:256;
challenge http;
contact [email protected];
ssl_verify off;
state_path %%TESTDIR%%;
@@ -161,6 +162,20 @@ resolver 127.0.0.1:%%PORT_8980_UDP%%;
EOF


like(check($t, <<'EOF' ), qr/\[emerg].*unsupported challenge/, 'bad challenge');
acme_issuer example {
uri https://localhost:%%PORT_9000%%/dir;
challenge bad-value;
ssl_verify off;
state_path %%TESTDIR%%;
}
resolver 127.0.0.1:%%PORT_8980_UDP%%;
EOF

# stop and clear the log to avoid triggering sanitizer checks

$t->stop()->write_file('error.log', '');
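Review bot: The added cases in this file cover only the `http` alias (`challenge http;` in the template) and one rejected value, so the `tls-alpn` alias and the versioned spellings are not exercised by the hunks shown. A second rejection case with `challenge dns-01;` would also pin that a well-formed but unsupported ACME challenge type is refused at configuration time rather than accepted and failing later; it can reuse the `like(check($t, ...), qr/\[emerg].*unsupported challenge/, ...)` form with `plan(8)` raised to match. The heredoc blocks around these hunks are only partly visible, so existing coverage elsewhere in the file may already include some of this.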