diff options
author | Florian Obser <florian@cvs.openbsd.org> | 2018-03-14 12:28:26 +0000 |
---|---|---|
committer | Florian Obser <florian@cvs.openbsd.org> | 2018-03-14 12:28:26 +0000 |
commit | 0c023b6c50752bc8f08e7e730ecd991d9a17058a (patch) | |
tree | bc14440b3cfe8823693d4eea281e5843c95badf6 /usr.sbin/acme-client/netproc.c | |
parent | 78e8797871738f61c0fa9d2acd2375a0f77ffb90 (diff) |
letsencrypt responded with a 301 redirect when requesting the chain
certificate for some time.
While they stopped doing so it seems best to follow redirects anyway.
More status codes pointed out by & OK sthen
OK benno
Diffstat (limited to 'usr.sbin/acme-client/netproc.c')
-rw-r--r-- | usr.sbin/acme-client/netproc.c | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/usr.sbin/acme-client/netproc.c b/usr.sbin/acme-client/netproc.c index 26033a3fc3c..dd78580e852 100644 --- a/usr.sbin/acme-client/netproc.c +++ b/usr.sbin/acme-client/netproc.c @@ -1,4 +1,4 @@ -/* $Id: netproc.c,v 1.15 2018/02/06 05:08:27 florian Exp $ */ +/* $Id: netproc.c,v 1.16 2018/03/14 12:28:25 florian Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -180,15 +180,18 @@ nreq(struct conn *c, const char *addr) { struct httpget *g; struct source src[MAX_SERVERS_DNS]; + struct httphead *st; char *host, *path; short port; size_t srcsz; ssize_t ssz; long code; + int redirects = 0; if ((host = url2host(addr, &port, &path)) == NULL) return -1; +again: if ((ssz = urlresolve(c->dfd, host, src)) < 0) { free(host); free(path); @@ -202,7 +205,36 @@ nreq(struct conn *c, const char *addr) if (g == NULL) return -1; - code = g->code; + switch (g->code) { + case 301: + case 302: + case 303: + case 307: + case 308: + redirects++; + if (redirects > 3) { + warnx("too many redirects"); + http_get_free(g); + return -1; + } + + if ((st = http_head_get("Location", g->head, g->headsz)) == + NULL) { + warnx("redirect without location header"); + return -1; + } + + dodbg("Location: %s", st->val); + host = url2host(st->val, &port, &path); + http_get_free(g); + if (host == NULL) + return -1; + goto again; + break; + default: + code = g->code; + break; + } /* Copy the body part into our buffer. */ |