authorFlorian Obser <florian@cvs.openbsd.org>2018-03-14 12:28:26 +0000
committerFlorian Obser <florian@cvs.openbsd.org>2018-03-14 12:28:26 +0000
commit0c023b6c50752bc8f08e7e730ecd991d9a17058a (patch)
treebc14440b3cfe8823693d4eea281e5843c95badf6 /usr.sbin/acme-client/netproc.c
parent78e8797871738f61c0fa9d2acd2375a0f77ffb90 (diff)
letsencrypt responded with a 301 redirect when requesting the chain
certificate for some time. While they stopped doing so it seems best
to follow redirects anyway.
More status codes pointed out by & OK sthen
OK benno
Diffstat (limited to 'usr.sbin/acme-client/netproc.c')
-rw-r--r--usr.sbin/acme-client/netproc.c36
1 files changed, 34 insertions, 2 deletions
diff --git a/usr.sbin/acme-client/netproc.c b/usr.sbin/acme-client/netproc.c
index 26033a3fc3c..dd78580e852 100644
--- a/usr.sbin/acme-client/netproc.c
+++ b/usr.sbin/acme-client/netproc.c
@@ -1,4 +1,4 @@
-/* $Id: netproc.c,v 1.15 2018/02/06 05:08:27 florian Exp $ */
+/* $Id: netproc.c,v 1.16 2018/03/14 12:28:25 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -180,15 +180,18 @@ nreq(struct conn *c, const char *addr)
{
struct httpget *g;
struct source src[MAX_SERVERS_DNS];
+ struct httphead *st;
char *host, *path;
short port;
size_t srcsz;
ssize_t ssz;
long code;
+ int redirects = 0;
if ((host = url2host(addr, &port, &path)) == NULL)
return -1;
+again:
if ((ssz = urlresolve(c->dfd, host, src)) < 0) {
free(host);
free(path);
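Review bot: The `again:` label has no comment, and from this hunk alone it is not clear that `host`, `port` and `path` have been replaced by the time control returns to it. A one-line comment above the label, such as `/* Re-entered on redirect; host, port and path then come from the Location header. */`, would make the ownership of `host` and `path` on each pass easier to audit. nreq's body continues past the end of this hunk, and the jump back to the label is in the following hunk.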
@@ -202,7 +205,36 @@ nreq(struct conn *c, const char *addr)
if (g == NULL)
return -1;
- code = g->code;
+ switch (g->code) {
+ case 301:
+ case 302:
+ case 303:
+ case 307:
+ case 308:
+ redirects++;
+ if (redirects > 3) {
+ warnx("too many redirects");
+ http_get_free(g);
+ return -1;
+ }
+
+ if ((st = http_head_get("Location", g->head, g->headsz)) ==
+ NULL) {
+ warnx("redirect without location header");
+ return -1;
+ }
+
+ dodbg("Location: %s", st->val);
+ host = url2host(st->val, &port, &path);
+ http_get_free(g);
+ if (host == NULL)
+ return -1;
+ goto again;
+ break;
+ default:
+ code = g->code;
+ break;
+ }
/* Copy the body part into our buffer. */
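Review bot: The `redirect without location header` branch returns -1 without releasing `g`, while the neighbouring `too many redirects` branch calls `http_get_free(g)` first; add `http_get_free(g);` before that `return -1;` so both error exits behave the same. Separately, the next target is taken directly from the server-supplied `Location` value via `url2host(st->val, &port, &path)`. url2host is not shown here, but if it accepts `http://` URLs, a redirect could move a request that started over TLS onto cleartext, so it is worth rejecting a scheme downgrade before `goto again;`. The `break;` after `goto again;` is unreachable and can be dropped. nreq's body continues outside the hunk.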