ok!

Florian Obser([email protected]) on 2020.09.14 17:15:37 +0200:
> 
> This fell through the cracks back in April.
> 
> We need to be able to provide contact information to use the
> buypass.com acme api.
> 
> OK?
> 
> diff --git etc/examples/acme-client.conf etc/examples/acme-client.conf
> index 32ecd8e8655..40d231725ac 100644
> --- etc/examples/acme-client.conf
> +++ etc/examples/acme-client.conf
> @@ -11,6 +11,18 @@ authority letsencrypt-staging {
>       account key "/etc/acme/letsencrypt-staging-privkey.pem"
>  }
>  
> +authority buypass {
> +    api url "https://api.buypass.com/acme/directory";
> +    account key "/etc/acme/buypass-privkey.pem"
> +    contact "mailto:[email protected]";
> +}
> +
> +authority buypass-test {
> +    api url "https://api.test4.buypass.no/acme/directory";
> +    account key "/etc/acme/buypass-test-privkey.pem"
> +    contact "mailto:[email protected]";
> +}
> +
>  domain example.com {
>       alternative names { secure.example.com }
>       domain key "/etc/ssl/private/example.com.key"
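Review bot: The two new authority blocks end the `api url` and `contact` lines with `;`, while their own `account key` lines and the existing letsencrypt blocks use no terminator. Unless the grammar in parse.y explicitly accepts a trailing semicolon (not visible in this patch), the example will fail to parse when copied verbatim. Dropping the semicolons keeps the file consistent, e.g. `contact "mailto:<address>"` with no terminator.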
> diff --git usr.sbin/acme-client/acme-client.conf.5 
> usr.sbin/acme-client/acme-client.conf.5
> index 08a47a76ab7..41994d13676 100644
> --- usr.sbin/acme-client/acme-client.conf.5
> +++ usr.sbin/acme-client/acme-client.conf.5
> @@ -98,6 +98,11 @@ It defaults to
>  Specify the
>  .Ar url
>  under which the ACME API is reachable.
> +.It Ic contact Ar contact
> +Optional
> +.Ar contact
> +URLs that the authority can use to contact the client for issues related to
> +this account.
>  .El
>  .Sh DOMAINS
>  The certificates to be obtained through ACME.
> diff --git usr.sbin/acme-client/extern.h usr.sbin/acme-client/extern.h
> index 364425b0500..ee341e0950f 100644
> --- usr.sbin/acme-client/extern.h
> +++ usr.sbin/acme-client/extern.h
> @@ -263,7 +263,7 @@ char              *json_getstr(struct jsmnn *, const char 
> *);
>  
>  char         *json_fmt_newcert(const char *);
>  char         *json_fmt_chkacc(void);
> -char         *json_fmt_newacc(void);
> +char         *json_fmt_newacc(const char *);
>  char         *json_fmt_neworder(const char *const *, size_t);
>  char         *json_fmt_protected_rsa(const char *,
>                       const char *, const char *, const char *);
> diff --git usr.sbin/acme-client/json.c usr.sbin/acme-client/json.c
> index a6762eeb258..9201f8d2fc3 100644
> --- usr.sbin/acme-client/json.c
> +++ usr.sbin/acme-client/json.c
> @@ -618,14 +618,24 @@ json_fmt_chkacc(void)
>   * Format the "newAccount" resource request.
>   */
>  char *
> -json_fmt_newacc(void)
> +json_fmt_newacc(const char *contact)
>  {
>       int      c;
> -     char    *p;
> +     char    *p, *cnt = NULL;
> +
> +     if (contact != NULL) {
> +             c = asprintf(&cnt, "\"contact\": [ \"%s\" ], ", contact);
> +             if (c == -1) {
> +                     warn("asprintf");
> +                     return NULL;
> +             }
> +     }
>  
>       c = asprintf(&p, "{"
> +         "%s"
>           "\"termsOfServiceAgreed\": true"
> -         "}");
> +         "}", cnt == NULL ? "" : cnt);
> +     free(cnt);
>       if (c == -1) {
>               warn("asprintf");
>               p = NULL;
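Review bot: The `contact` value is placed into the request body through `\"%s\"` with no escaping, so a configured string containing `"` or `\` yields malformed JSON or adds members to the newAccount object that the operator did not intend. The value comes from acme-client.conf, so this is a robustness issue rather than a remotely reachable one, but it is cheap to reject up front, either here or in the `CONTACT STRING` rule in parse.y: `if (strpbrk(contact, "\"\\") != NULL) { warnx("contact: invalid character"); return NULL; }`. Control characters would need the same treatment. The body of json_fmt_newacc() continues past the end of this hunk.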
> diff --git usr.sbin/acme-client/netproc.c usr.sbin/acme-client/netproc.c
> index 05e36897c38..4490450003e 100644
> --- usr.sbin/acme-client/netproc.c
> +++ usr.sbin/acme-client/netproc.c
> @@ -369,14 +369,14 @@ sreq(struct conn *c, const char *addr, int kid, const 
> char *req, char **loc)
>   * Returns non-zero on success.
>   */
>  static int
> -donewacc(struct conn *c, const struct capaths *p)
> +donewacc(struct conn *c, const struct capaths *p, const char *contact)
>  {
>       struct jsmnn    *j = NULL;
>       int              rc = 0;
>       char            *req, *detail, *error = NULL;
>       long             lc;
>  
> -     if ((req = json_fmt_newacc()) == NULL)
> +     if ((req = json_fmt_newacc(contact)) == NULL)
>               warnx("json_fmt_newacc");
>       else if ((lc = sreq(c, p->newaccount, 0, req, &c->kid)) < 0)
>               warnx("%s: bad comm", p->newaccount);
> @@ -410,7 +410,7 @@ donewacc(struct conn *c, const struct capaths *p)
>   * Returns non-zero on success.
>   */
>  static int
> -dochkacc(struct conn *c, const struct capaths *p)
> +dochkacc(struct conn *c, const struct capaths *p, const char *contact)
>  {
>       int              rc = 0;
>       char            *req;
> @@ -425,7 +425,7 @@ dochkacc(struct conn *c, const struct capaths *p)
>       else if (c->buf.buf == NULL || c->buf.sz == 0)
>               warnx("%s: empty response", p->newaccount);
>       else if (lc == 400)
> -             rc = donewacc(c, p);
> +             rc = donewacc(c, p, contact);
>       else
>               rc = 1;
>  
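Review bot: `contact` is only forwarded to `donewacc()` on the `lc == 400` branch, so an account that already exists keeps whatever contact it was registered with, and adding or changing `contact` in the configuration afterwards has no visible effect. If that is intended, the acme-client.conf.5 entry should say so, for example `The contact is only sent when the account is created.`; otherwise the existing-account path would need to send an account update. dochkacc() starts and ends outside this hunk, so the remaining branches are not visible here.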
> @@ -755,7 +755,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int 
> rfd,
>       c.newnonce = paths.newnonce;
>  
>       /* Check if our account already exists or create it. */
> -     if (!dochkacc(&c, &paths))
> +     if (!dochkacc(&c, &paths, authority->contact))
>               goto out;
>  
>       /*
> diff --git usr.sbin/acme-client/parse.h usr.sbin/acme-client/parse.h
> index 9de5a490f69..c928a9de7da 100644
> --- usr.sbin/acme-client/parse.h
> +++ usr.sbin/acme-client/parse.h
> @@ -38,6 +38,7 @@ struct authority_c {
>       char                            *api;
>       char                            *account;
>       enum keytype                     keytype;
> +     char                            *contact;
>  };
>  
>  struct domain_c {
> diff --git usr.sbin/acme-client/parse.y usr.sbin/acme-client/parse.y
> index 120f253a63f..c39b922f764 100644
> --- usr.sbin/acme-client/parse.y
> +++ usr.sbin/acme-client/parse.y
> @@ -100,7 +100,7 @@ typedef struct {
>  
>  %}
>  
> -%token       AUTHORITY URL API ACCOUNT
> +%token       AUTHORITY URL API ACCOUNT CONTACT
>  %token       DOMAIN ALTERNATIVE NAME NAMES CERT FULL CHAIN KEY SIGN WITH 
> CHALLENGEDIR
>  %token       YES NO
>  %token       INCLUDE
> @@ -230,6 +230,16 @@ authorityoptsl   : API URL STRING {
>                       auth->account = s;
>                       auth->keytype = $4;
>               }
> +             | CONTACT STRING {
> +                     char *s;
> +                     if (auth->contact != NULL) {
> +                             yyerror("duplicate contact");
> +                             YYERROR;
> +                     }
> +                     if ((s = strdup($2)) == NULL)
> +                             err(EXIT_FAILURE, "strdup");
> +                     auth->contact = s;
> +             }
>               ;
>  
>  domain               : DOMAIN STRING {
> @@ -452,6 +462,7 @@ lookup(char *s)
>               {"certificate",         CERT},
>               {"chain",               CHAIN},
>               {"challengedir",        CHALLENGEDIR},
> +             {"contact",             CONTACT},
>               {"domain",              DOMAIN},
>               {"ecdsa",               ECDSA},
>               {"full",                FULL},
> 
> 
> -- 
> I'm not entirely sure you are real.
> 
