mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

ACME: fixes

Increase polling time and poll the "order" endpoint instead of the "finalize" endpoint. These changes are required for ACME to work with Let's Encrypt as of 2024.
James Darpinian 2024-06-24 01:44:57 -07:00 committed by Andy Green
parent fdde9119f7
commit 8674bf1585


@ -1125,8 +1125,10 @@ pkt_add_hdrs:
goto pkt_add_hdrs;
case ACME_STATE_POLLING_CSR:
if (ac->goes_around)
break;
if (ac->goes_around) {
strcpy(ac->active_url, ac->order_url);
goto pkt_add_hdrs;
}
lwsl_vhost_notice(vhd->vhost, "Generating ACME CSR... may take a little while");
p += lws_snprintf(p, lws_ptr_diff_size_t(end, p), "{\"csr\":\"");
n = lws_tls_acme_sni_csr_create(vhd->context,
@ -1396,7 +1398,7 @@ poll_again:
lws_acme_report_status(vhd->vhost, LWS_CUS_CHALLENGE,
NULL);
if (ac->goes_around++ == 20) {
if (ac->goes_around++ == 200) {
lwsl_notice("%s: too many chall retries\n",
__func__);
@ -1470,13 +1472,13 @@ poll_again:
goto failed;
}
if (ac->resp != 200) {
if (ac->goes_around++ == 30) {
if (ac->resp != 200 || ac->cert_url[0] == '\0') {
if (ac->goes_around++ == 200) {
lwsl_vhost_warn(vhd->vhost, "Too many retries");
goto failed;
}
strcpy(buf, ac->finalize_url);
strcpy(buf, ac->order_url);
cwsi = lws_acme_client_connect(vhd->context,
vhd->vhost,
&ac->cwsi, &ac->i, buf,
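Review bot: The new `strcpy(ac->active_url, ac->order_url);` in the ACME_STATE_POLLING_CSR case and `strcpy(buf, ac->order_url);` in the retry path of the last hunk copy a URL with no bound on the destination. The sizes of `active_url`, `order_url` and `buf` are not visible in these hunks, and `order_url` presumably holds a value taken from the ACME server's response, so a smaller destination would be overrun. A bounded copy makes the limit explicit, for example `lws_strncpy(ac->active_url, ac->order_url, sizeof(ac->active_url));` and likewise for `buf`, assuming both destinations are arrays in scope. The enclosing function starts and ends outside these hunks, so the declarations should be checked there.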