present more challenge metadata for non-http challenge types #13

Closed
wants to merge 2 commits into
from

xdgc commented Nov 23, 2016

When -t is used to perform a challenge using dns-01 or some other
hypothetical challenge type, only the token and thumbprint are
displayed. That's not enough information to set up challenge response
manually. This patch extends the chngproc IPC semantics and the
stdout from netproc to provide the challenge type and domain name
being challenged. That's enough for external challenge setup.

This particularly comes into interest when retrieving a single
certificate with multiple subjectAlternativeNames, especially when those
alt names are in different DNS domains and might require different
account authorizations to perform updates.
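
What an operator does with the four values the description above names (challenge type, domain, token, thumbprint), shown as an added example that is not part of this pull request or of acme-client. The tuple layout, function names and sample values are assumptions made for illustration; the dns-01 record name and digest follow RFC 8555.

```python
import base64
import hashlib
import re

# RFC 8555 limits tokens to the base64url alphabet, and a JWK thumbprint is
# base64url as well. Reject anything else before it reaches a path or DNS update.
B64URL = re.compile(r"[A-Za-z0-9_-]+")


def plan_challenge(chtype, domain, token, thumbprint):
    """Return what must be published to answer one challenge."""
    for field in (token, thumbprint):
        if not B64URL.fullmatch(field):
            raise ValueError("token/thumbprint is not base64url")
    key_auth = f"{token}.{thumbprint}"  # ACME key authorization
    if chtype == "dns-01":
        # TXT content is base64url(SHA-256(key authorization)), unpadded.
        digest = hashlib.sha256(key_auth.encode("ascii")).digest()
        content = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
        return {"kind": "TXT", "content": content,
                "where": "_acme-challenge." + domain.rstrip(".")}
    if chtype == "http-01":
        return {"kind": "file", "content": key_auth,
                "where": "/.well-known/acme-challenge/" + token}
    raise ValueError("unsupported challenge type: " + chtype)


def plan_all(challenges):
    """Group plans by domain, so each name of a multi-SAN certificate can be
    handed to whichever account is authorized to update that zone."""
    plans = {}
    for chtype, domain, token, thumbprint in challenges:
        plan = plan_challenge(chtype, domain, token, thumbprint)
        plans.setdefault(domain, []).append(plan)
    return plans


# Constructed sample values (hypothetical, not real tokens or thumbprints).
SAMPLE = [
    ("dns-01", "www.example.com", "tokAAAA1111", "thumbBBBB2222"),
    ("dns-01", "mail.example.org", "tokCCCC3333", "thumbBBBB2222"),
]

if __name__ == "__main__":
    for domain, items in plan_all(SAMPLE).items():
        for p in items:
            print(domain, p["kind"], p["where"], p["content"])
```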

David Champion
present more challenge metadata for non-http challenge types
Owner

kristapsdz commented Nov 24, 2016

Good point. I figured the challenge part would be obvious because it's required in invoking the acme-client process, but it can't hurt. Can you update the manpage as well in your patch?

xdgc commented Nov 25, 2016

Ah, yes - I will do that. It's a holiday here, will get to this in the next couple of days.

xdgc commented Nov 25, 2016

I took the liberty of expanding the text on -t and of adding an example. Happy to make any changes you prefer.

fraenki commented Jan 17, 2017

Looks interesting. Is there an ETA for merging this PR?

kristapsdz pushed a commit to kristapsdz/acme-client that referenced this pull request Jan 28, 2017

kristaps
Expand on the external thumbprint idea, from kristapsdz/acme-client-p…
…ortable#13 .

This creates a triplet exported to the operator: challenge type, domain, and print.

kristapsdz commented Jan 28, 2017

Done. I moved around the manpage bits quite a lot, however. But other than that, thanks!

@fraenki, if you have feature requests and aren't willing to contribute patches like @xdgc's excellent work, you can request ETAs by establishing a paid contract.

@kristapsdz kristapsdz closed this Jan 28, 2017

fraenki commented Jan 30, 2017

@kristapsdz, thanks for the clarification. Point taken.
