Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove KeyAuthorization from challenge updates. #96

Merged
merged 2 commits into from
Mar 6, 2018
Merged

Remove KeyAuthorization from challenge updates. #96

merged 2 commits into from
Mar 6, 2018

Commits on Mar 6, 2018

  1. Remove KeyAuthorization from challenge updates. 

    Per ACME draft-10 challenge update POST bodies should no longer include
the `KeyAuthorization` field, the server can calculate this on its own.
Similarly, it shouldn't be returned in challenge bodies sent to the
client because the client can calculate it themselves.

This commit updates Pebble to *reject* challenge updates with
a `KeyAuthorization` field. This is fairly aggressive: We could simply
ignore this field, but Pebble is meant to encourage good client
behaviour so we'll be more aggressive than Boulder will.
    Daniel committed Mar 6, 2018
    Configuration menu
    Copy the full SHA
    1cdb470 View commit details
    Browse the repository at this point in the history

  2. Treat KeyAuthorization as pointer, detect not nil

    Daniel committed Mar 6, 2018
    Configuration menu
    Copy the full SHA
    ee20d06 View commit details
    Browse the repository at this point in the history