diff options
author | Florian Obser <florian@cvs.openbsd.org> | 2020-09-14 16:00:18 +0000 |
---|---|---|
committer | Florian Obser <florian@cvs.openbsd.org> | 2020-09-14 16:00:18 +0000 |
commit | 80df7e3b2adefb2db5ea6317b9a03ef61551ab52 (patch) | |
tree | 796ba72d3ad7af534174bc78e4afbdf470cd6458 /usr.sbin/acme-client | |
parent | 4d894f7a4047e0aa82059f8199be53fd0ecbbf98 (diff) |
We need to be able to provide contact information to use the
buypass.com acme api.
From Bartosz Kuzma (bartosz.kuzma AT release11.com), thanks!
OK beck, deraadt
Diffstat (limited to 'usr.sbin/acme-client')
-rw-r--r-- | usr.sbin/acme-client/acme-client.conf.5 | 9 | ||||
-rw-r--r-- | usr.sbin/acme-client/extern.h | 4 | ||||
-rw-r--r-- | usr.sbin/acme-client/json.c | 18 | ||||
-rw-r--r-- | usr.sbin/acme-client/netproc.c | 12 | ||||
-rw-r--r-- | usr.sbin/acme-client/parse.h | 3 | ||||
-rw-r--r-- | usr.sbin/acme-client/parse.y | 15 |
6 files changed, 44 insertions, 17 deletions
diff --git a/usr.sbin/acme-client/acme-client.conf.5 b/usr.sbin/acme-client/acme-client.conf.5 index 08a47a76ab7..85a6c1415ce 100644 --- a/usr.sbin/acme-client/acme-client.conf.5 +++ b/usr.sbin/acme-client/acme-client.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: acme-client.conf.5,v 1.25 2020/05/16 16:58:11 jmc Exp $ +.\" $OpenBSD: acme-client.conf.5,v 1.26 2020/09/14 16:00:17 florian Exp $ .\" .\" Copyright (c) 2005 Esben Norby <norby@openbsd.org> .\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org> @@ -17,7 +17,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 16 2020 $ +.Dd $Mdocdate: September 14 2020 $ .Dt ACME-CLIENT.CONF 5 .Os .Sh NAME @@ -98,6 +98,11 @@ It defaults to Specify the .Ar url under which the ACME API is reachable. +.It Ic contact Ar contact +Optional +.Ar contact +URLs that the authority can use to contact the client for issues related to +this account. .El .Sh DOMAINS The certificates to be obtained through ACME. diff --git a/usr.sbin/acme-client/extern.h b/usr.sbin/acme-client/extern.h index 3edf1304582..4b43b6ef4ac 100644 --- a/usr.sbin/acme-client/extern.h +++ b/usr.sbin/acme-client/extern.h @@ -1,4 +1,4 @@ -/* $Id: extern.h,v 1.19 2020/09/14 13:49:13 florian Exp $ */ +/* $Id: extern.h,v 1.20 2020/09/14 16:00:17 florian Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -263,7 +263,7 @@ char *json_getstr(struct jsmnn *, const char *); char *json_fmt_newcert(const char *); char *json_fmt_chkacc(void); -char *json_fmt_newacc(void); +char *json_fmt_newacc(const char *); char *json_fmt_neworder(const char *const *, size_t); char *json_fmt_protected_rsa(const char *, const char *, const char *, const char *); diff --git a/usr.sbin/acme-client/json.c b/usr.sbin/acme-client/json.c index 13fb81705cc..92e087b2ec7 100644 --- a/usr.sbin/acme-client/json.c +++ b/usr.sbin/acme-client/json.c @@ -1,4 +1,4 @@ -/* $Id: json.c,v 1.20 2020/09/14 13:49:13 florian Exp $ */ +/* $Id: json.c,v 1.21 2020/09/14 16:00:17 florian Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -618,14 +618,24 @@ json_fmt_chkacc(void) * Format the "newAccount" resource request. */ char * -json_fmt_newacc(void) +json_fmt_newacc(const char *contact) { int c; - char *p; + char *p, *cnt = NULL; + + if (contact != NULL) { + c = asprintf(&cnt, "\"contact\": [ \"%s\" ], ", contact); + if (c == -1) { + warn("asprintf"); + return NULL; + } + } c = asprintf(&p, "{" + "%s" "\"termsOfServiceAgreed\": true" - "}"); + "}", cnt == NULL ? "" : cnt); + free(cnt); if (c == -1) { warn("asprintf"); p = NULL; diff --git a/usr.sbin/acme-client/netproc.c b/usr.sbin/acme-client/netproc.c index e8ee5adffd7..38732a4dd01 100644 --- a/usr.sbin/acme-client/netproc.c +++ b/usr.sbin/acme-client/netproc.c @@ -1,4 +1,4 @@ -/* $Id: netproc.c,v 1.27 2020/09/14 13:49:13 florian Exp $ */ +/* $Id: netproc.c,v 1.28 2020/09/14 16:00:17 florian Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -369,14 +369,14 @@ sreq(struct conn *c, const char *addr, int kid, const char *req, char **loc) * Returns non-zero on success. */ static int -donewacc(struct conn *c, const struct capaths *p) +donewacc(struct conn *c, const struct capaths *p, const char *contact) { struct jsmnn *j = NULL; int rc = 0; char *req, *detail, *error = NULL; long lc; - if ((req = json_fmt_newacc()) == NULL) + if ((req = json_fmt_newacc(contact)) == NULL) warnx("json_fmt_newacc"); else if ((lc = sreq(c, p->newaccount, 0, req, &c->kid)) < 0) warnx("%s: bad comm", p->newaccount); @@ -410,7 +410,7 @@ donewacc(struct conn *c, const struct capaths *p) * Returns non-zero on success. */ static int -dochkacc(struct conn *c, const struct capaths *p) +dochkacc(struct conn *c, const struct capaths *p, const char *contact) { int rc = 0; char *req; @@ -425,7 +425,7 @@ dochkacc(struct conn *c, const struct capaths *p) else if (c->buf.buf == NULL || c->buf.sz == 0) warnx("%s: empty response", p->newaccount); else if (lc == 400) - rc = donewacc(c, p); + rc = donewacc(c, p, contact); else rc = 1; @@ -755,7 +755,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, c.newnonce = paths.newnonce; /* Check if our account already exists or create it. */ - if (!dochkacc(&c, &paths)) + if (!dochkacc(&c, &paths, authority->contact)) goto out; /* diff --git a/usr.sbin/acme-client/parse.h b/usr.sbin/acme-client/parse.h index 9de5a490f69..3954f62a0d0 100644 --- a/usr.sbin/acme-client/parse.h +++ b/usr.sbin/acme-client/parse.h @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.h,v 1.14 2020/05/10 12:06:18 benno Exp $ */ +/* $OpenBSD: parse.h,v 1.15 2020/09/14 16:00:17 florian Exp $ */ /* * Copyright (c) 2016 Sebastian Benoit <benno@openbsd.org> * @@ -38,6 +38,7 @@ struct authority_c { char *api; char *account; enum keytype keytype; + char *contact; }; struct domain_c { diff --git a/usr.sbin/acme-client/parse.y b/usr.sbin/acme-client/parse.y index 120f253a63f..1febcb10a3a 100644 --- a/usr.sbin/acme-client/parse.y +++ b/usr.sbin/acme-client/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.41 2020/05/16 20:19:23 sthen Exp $ */ +/* $OpenBSD: parse.y,v 1.42 2020/09/14 16:00:17 florian Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> @@ -100,7 +100,7 @@ typedef struct { %} -%token AUTHORITY URL API ACCOUNT +%token AUTHORITY URL API ACCOUNT CONTACT %token DOMAIN ALTERNATIVE NAME NAMES CERT FULL CHAIN KEY SIGN WITH CHALLENGEDIR %token YES NO %token INCLUDE @@ -230,6 +230,16 @@ authorityoptsl : API URL STRING { auth->account = s; auth->keytype = $4; } + | CONTACT STRING { + char *s; + if (auth->contact != NULL) { + yyerror("duplicate contact"); + YYERROR; + } + if ((s = strdup($2)) == NULL) + err(EXIT_FAILURE, "strdup"); + auth->contact = s; + } ; domain : DOMAIN STRING { @@ -452,6 +462,7 @@ lookup(char *s) {"certificate", CERT}, {"chain", CHAIN}, {"challengedir", CHALLENGEDIR}, + {"contact", CONTACT}, {"domain", DOMAIN}, {"ecdsa", ECDSA}, {"full", FULL}, |