[pve-devel] [PATCH manager] fix #2784: always compare ACME domains in lower case

Wed, 17 Jun 2020 02:16:16 -0700 

otherwise the ACME endpoint might return the ordered domain in lower
case and we fail to find our plugin config.

Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
---
 PVE/API2/ACME.pm  | 4 +++-
 PVE/NodeConfig.pm | 9 ++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/PVE/API2/ACME.pm b/PVE/API2/ACME.pm
index c7d6e7e9..f4049db0 100644
--- a/PVE/API2/ACME.pm
+++ b/PVE/API2/ACME.pm
@@ -56,7 +56,9 @@ my $order_certificate = sub {
     for my $auth_url (@{$order->{authorizations}}) {
        print "\nGetting authorization details from '$auth_url'\n";
        my $auth = $acme->get_authorization($auth_url);
-       my $domain = $auth->{identifier}->{value};
+
+       # force lower case, like get_acme_conf does
+       my $domain = lc($auth->{identifier}->{value});
        if ($auth->{status} eq 'valid') {
            print "$domain is already validated!\n";
        } else {
diff --git a/PVE/NodeConfig.pm b/PVE/NodeConfig.pm
index af726b15..ad49e288 100644
--- a/PVE/NodeConfig.pm
+++ b/PVE/NodeConfig.pm
@@ -236,6 +236,9 @@ sub write_node_config {
     return $raw;
 }
 
+# we always convert domain values to lower case, since DNS entries are not case
+# sensitive and ACME implementations might convert the ordered identifiers
+# to lower case
 sub get_acme_conf {
     my ($node_conf, $noerr) = @_;
 
@@ -253,6 +256,10 @@ sub get_acme_conf {
        my $standalone_domains = delete($res->{domains}) // '';
        $res->{domains} = {};
        for my $domain (split(";", $standalone_domains)) {
+           $domain = lc($domain);
+           die "duplicate domain '$domain' in ACME config properties\n"
+               if defined($res->{domains}->{$domain});
+
            $res->{domains}->{$domain}->{plugin} = 'standalone';
            $res->{domains}->{$domain}->{_configkey} = 'acme';
        }
@@ -271,7 +278,7 @@ sub get_acme_conf {
            return undef if $noerr;
            die $err;
        }
-       my $domain = delete $parsed->{domain};
+       my $domain = lc(delete $parsed->{domain});
        if (my $exists = $res->{domains}->{$domain}) {
            return undef if $noerr;
            die "duplicate domain '$domain' in ACME config properties"
-- 
2.20.1


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to