authorFlorian Obser <florian@cvs.openbsd.org>2020-09-14 16:00:18 +0000
committerFlorian Obser <florian@cvs.openbsd.org>2020-09-14 16:00:18 +0000
commit80df7e3b2adefb2db5ea6317b9a03ef61551ab52 (patch)
tree796ba72d3ad7af534174bc78e4afbdf470cd6458 /usr.sbin/acme-client
parent4d894f7a4047e0aa82059f8199be53fd0ecbbf98 (diff)
We need to be able to provide contact information to use the
buypass.com acme api. From Bartosz Kuzma (bartosz.kuzma AT release11.com), thanks! OK beck, deraadt
Diffstat (limited to 'usr.sbin/acme-client')
-rw-r--r--usr.sbin/acme-client/acme-client.conf.59
-rw-r--r--usr.sbin/acme-client/extern.h4
-rw-r--r--usr.sbin/acme-client/json.c18
-rw-r--r--usr.sbin/acme-client/netproc.c12
-rw-r--r--usr.sbin/acme-client/parse.h3
-rw-r--r--usr.sbin/acme-client/parse.y15
6 files changed, 44 insertions, 17 deletions
diff --git a/usr.sbin/acme-client/acme-client.conf.5 b/usr.sbin/acme-client/acme-client.conf.5
index 08a47a76ab7..85a6c1415ce 100644
--- a/usr.sbin/acme-client/acme-client.conf.5
+++ b/usr.sbin/acme-client/acme-client.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: acme-client.conf.5,v 1.25 2020/05/16 16:58:11 jmc Exp $
+.\" $OpenBSD: acme-client.conf.5,v 1.26 2020/09/14 16:00:17 florian Exp $
.\"
.\" Copyright (c) 2005 Esben Norby <norby@openbsd.org>
.\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
@@ -17,7 +17,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: May 16 2020 $
+.Dd $Mdocdate: September 14 2020 $
.Dt ACME-CLIENT.CONF 5
.Os
.Sh NAME
@@ -98,6 +98,11 @@ It defaults to
Specify the
.Ar url
under which the ACME API is reachable.
+.It Ic contact Ar contact
+Optional
+.Ar contact
+URLs that the authority can use to contact the client for issues related to
+this account.
.El
.Sh DOMAINS
The certificates to be obtained through ACME.
diff --git a/usr.sbin/acme-client/extern.h b/usr.sbin/acme-client/extern.h
index 3edf1304582..4b43b6ef4ac 100644
--- a/usr.sbin/acme-client/extern.h
+++ b/usr.sbin/acme-client/extern.h
@@ -1,4 +1,4 @@
-/* $Id: extern.h,v 1.19 2020/09/14 13:49:13 florian Exp $ */
+/* $Id: extern.h,v 1.20 2020/09/14 16:00:17 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -263,7 +263,7 @@ char *json_getstr(struct jsmnn *, const char *);
char *json_fmt_newcert(const char *);
char *json_fmt_chkacc(void);
-char *json_fmt_newacc(void);
+char *json_fmt_newacc(const char *);
char *json_fmt_neworder(const char *const *, size_t);
char *json_fmt_protected_rsa(const char *,
const char *, const char *, const char *);
diff --git a/usr.sbin/acme-client/json.c b/usr.sbin/acme-client/json.c
index 13fb81705cc..92e087b2ec7 100644
--- a/usr.sbin/acme-client/json.c
+++ b/usr.sbin/acme-client/json.c
@@ -1,4 +1,4 @@
-/* $Id: json.c,v 1.20 2020/09/14 13:49:13 florian Exp $ */
+/* $Id: json.c,v 1.21 2020/09/14 16:00:17 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -618,14 +618,24 @@ json_fmt_chkacc(void)
* Format the "newAccount" resource request.
*/
char *
-json_fmt_newacc(void)
+json_fmt_newacc(const char *contact)
{
int c;
- char *p;
+ char *p, *cnt = NULL;
+
+ if (contact != NULL) {
+ c = asprintf(&cnt, "\"contact\": [ \"%s\" ], ", contact);
+ if (c == -1) {
+ warn("asprintf");
+ return NULL;
+ }
+ }
c = asprintf(&p, "{"
+ "%s"
"\"termsOfServiceAgreed\": true"
- "}");
+ "}", cnt == NULL ? "" : cnt);
+ free(cnt);
if (c == -1) {
warn("asprintf");
p = NULL;
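Review bot: The configured contact value is spliced verbatim into a JSON string literal by the first asprintf, `c = asprintf(&cnt, "\"contact\": [ \"%s\" ], ", contact);`, so a value containing `"` or `\` yields a malformed request body that the CA rejects with no hint of the cause. The value comes from the local configuration file, so the exposure is a misconfiguration rather than an injection by a remote party, but the failure is opaque to the operator. json.c shows no string-escaping helper in this hunk, so the cheapest fix is to reject those characters where the value is parsed, in the CONTACT rule of parse.y (the hunk starting `| CONTACT STRING {`), assuming string.h is already included there for strdup: `if (strpbrk($2, "\"\\") != NULL) { yyerror("invalid character in contact"); YYERROR; }`. The remainder of json_fmt_newacc, including its return, lies outside the hunk.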
diff --git a/usr.sbin/acme-client/netproc.c b/usr.sbin/acme-client/netproc.c
index e8ee5adffd7..38732a4dd01 100644
--- a/usr.sbin/acme-client/netproc.c
+++ b/usr.sbin/acme-client/netproc.c
@@ -1,4 +1,4 @@
-/* $Id: netproc.c,v 1.27 2020/09/14 13:49:13 florian Exp $ */
+/* $Id: netproc.c,v 1.28 2020/09/14 16:00:17 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -369,14 +369,14 @@ sreq(struct conn *c, const char *addr, int kid, const char *req, char **loc)
* Returns non-zero on success.
*/
static int
-donewacc(struct conn *c, const struct capaths *p)
+donewacc(struct conn *c, const struct capaths *p, const char *contact)
{
struct jsmnn *j = NULL;
int rc = 0;
char *req, *detail, *error = NULL;
long lc;
- if ((req = json_fmt_newacc()) == NULL)
+ if ((req = json_fmt_newacc(contact)) == NULL)
warnx("json_fmt_newacc");
else if ((lc = sreq(c, p->newaccount, 0, req, &c->kid)) < 0)
warnx("%s: bad comm", p->newaccount);
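Review bot: The comment block above donewacc, whose tail `Returns non-zero on success.` is visible at the top of the hunk, does not describe the new `contact` parameter, and the only place that shows NULL is acceptable is the check inside json_fmt_newacc. Add `contact may be NULL, in which case no contact entry is sent in the newAccount request.` to that comment, and the same sentence to the dochkacc comment in the following hunk, which only forwards the value. The body of donewacc continues past the end of the hunk.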
@@ -410,7 +410,7 @@ donewacc(struct conn *c, const struct capaths *p)
* Returns non-zero on success.
*/
static int
-dochkacc(struct conn *c, const struct capaths *p)
+dochkacc(struct conn *c, const struct capaths *p, const char *contact)
{
int rc = 0;
char *req;
@@ -425,7 +425,7 @@ dochkacc(struct conn *c, const struct capaths *p)
else if (c->buf.buf == NULL || c->buf.sz == 0)
warnx("%s: empty response", p->newaccount);
else if (lc == 400)
- rc = donewacc(c, p);
+ rc = donewacc(c, p, contact);
else
rc = 1;
@@ -755,7 +755,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd,
c.newnonce = paths.newnonce;
/* Check if our account already exists or create it. */
- if (!dochkacc(&c, &paths))
+ if (!dochkacc(&c, &paths, authority->contact))
goto out;
/*
diff --git a/usr.sbin/acme-client/parse.h b/usr.sbin/acme-client/parse.h
index 9de5a490f69..3954f62a0d0 100644
--- a/usr.sbin/acme-client/parse.h
+++ b/usr.sbin/acme-client/parse.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.h,v 1.14 2020/05/10 12:06:18 benno Exp $ */
+/* $OpenBSD: parse.h,v 1.15 2020/09/14 16:00:17 florian Exp $ */
/*
* Copyright (c) 2016 Sebastian Benoit <benno@openbsd.org>
*
@@ -38,6 +38,7 @@ struct authority_c {
char *api;
char *account;
enum keytype keytype;
+ char *contact;
};
struct domain_c {
diff --git a/usr.sbin/acme-client/parse.y b/usr.sbin/acme-client/parse.y
index 120f253a63f..1febcb10a3a 100644
--- a/usr.sbin/acme-client/parse.y
+++ b/usr.sbin/acme-client/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.41 2020/05/16 20:19:23 sthen Exp $ */
+/* $OpenBSD: parse.y,v 1.42 2020/09/14 16:00:17 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -100,7 +100,7 @@ typedef struct {
%}
-%token AUTHORITY URL API ACCOUNT
+%token AUTHORITY URL API ACCOUNT CONTACT
%token DOMAIN ALTERNATIVE NAME NAMES CERT FULL CHAIN KEY SIGN WITH CHALLENGEDIR
%token YES NO
%token INCLUDE
@@ -230,6 +230,16 @@ authorityoptsl : API URL STRING {
auth->account = s;
auth->keytype = $4;
}
+ | CONTACT STRING {
+ char *s;
+ if (auth->contact != NULL) {
+ yyerror("duplicate contact");
+ YYERROR;
+ }
+ if ((s = strdup($2)) == NULL)
+ err(EXIT_FAILURE, "strdup");
+ auth->contact = s;
+ }
;
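Review bot: The `duplicate contact` check in the new CONTACT rule limits an authority to a single contact, and json_fmt_newacc emits a one-element array, whereas the added acme-client.conf.5 text speaks of contact URLs in the plural. Either the manual should describe a single URL (a `mailto:` URL, for instance) or the rule should accumulate several values into a list. A one-line comment above the alternative, `/* Only one contact URL is supported; json_fmt_newacc() emits a one-element array. */`, would record the intent either way.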
domain : DOMAIN STRING {
@@ -452,6 +462,7 @@ lookup(char *s)
{"certificate", CERT},
{"chain", CHAIN},
{"challengedir", CHALLENGEDIR},
+ {"contact", CONTACT},
{"domain", DOMAIN},
{"ecdsa", ECDSA},
{"full", FULL},