Compatibility with buypass.no ACME server

At the time of this writing the buypass.no ACME server returns a valid account Location header but an empty body in response to a request per RFC8555 section 7.3.1 (Finding an Account URL Given a Key), even though the RFC clearly states "The body of this response represents the account object as it existed on the server before this request" Prior to this commit uacme followed the RFC to the letter and strictly checked the account status from the server response body, bailing out if not found or not valid. This made uacme incapable of requesting certificates from buypass.no. This commit relaxes the account status check, which is now only made if the status field is actually there; this makes uacme tolerant of buypass.no's RFC deviation.
ndilieto · Jan 21, 2020 · dc70f92 · dc70f92
1 parent a0e2955
commit dc70f92
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/uacme.c b/uacme.c
@@ -582,10 +582,10 @@ bool account_retrieve(acme_t *a)
             acme_error(a);
             return false;
     }
-    if (json_compare_string(a->json, "status", "valid"))
+    const char* status = json_find_string(a->json, "status");
+    if (status && strcmp(status, "valid"))
     {
-        const char* status = json_find_string(a->json, "status");
-        warnx("invalid account status (%s)", status ? status : "unknown");
+        warnx("invalid account status (%s)", status);
         return false;
     }
     if (!(a->kid = find_header(a->headers, "Location")))