Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error responses are missing Nonce-Field #111

Closed
grindsa opened this issue Jun 18, 2023 · 1 comment
Closed

Error responses are missing Nonce-Field #111

grindsa opened this issue Jun 18, 2023 · 1 comment
Labels
bug Something isn't working ready_for_testing

Comments

@grindsa
Copy link
Owner

grindsa commented Jun 18, 2023

Testing with Posh-ACME indicated a bug in a2c nonce-handling

RFC 8555 section 6.5 states.

An ACME server provides nonces to clients using the HTTP Replay-Nonce
header field, as specified in [Section 6.5.1](https://datatracker.ietf.org/doc/html/rfc8555#section-6.5.1).  The server MUST include
a Replay-Nonce header field in every successful response to a POST  request and SHOULD provide it in error responses as well.

a2c does not add a nonce in case of error-responses but invalidates the existing nonce. Thus Posh-ACME re-uses the formerly sent nonce which leads into a replay-protection error in a2c.
@grindsa grindsa added the bug Something isn't working label Jun 18, 2023
grindsa added a commit that referenced this issue Jun 18, 2023
@grindsa
[fix] - #111 nonce-handling in error responses
1488c33
@grindsa
Copy link
Owner Author

grindsa commented Jun 19, 2023

Fix got included in v0.28

@grindsa grindsa closed this as completed Jun 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working ready_for_testing
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@grindsa