Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible undefined behavoir regarding to RFC 8555 #4442

Closed
glatzert opened this issue Dec 19, 2022 · 1 comment
Closed

Possible undefined behavoir regarding to RFC 8555 #4442

glatzert opened this issue Dec 19, 2022 · 1 comment

Comments

@glatzert
Copy link

glatzert commented Dec 19, 2022
edited
Loading

As maintainer of an acme-server component, an issue has been brought to my attention, which seems to orgininate here:
https://github.com/acmesh-official/acme.sh/blob/master/acme.sh#L5032

The aforementioned line of code is responsible to request the current state of a challenge, which seems to be undefined behavior regarding to RFC8555. The RFC suggests, clients will use the authorization url to request the current state of the authorization process (https://www.rfc-editor.org/rfc/rfc8555#section-7.5.1).
The challenge url is used to signal, which challenge should be processed only - not to request the state of that particular challenge.

The original issue was raised here: glatzert/ACME-Server-ADCS#8 - it contains the debug log as well.
@acmesh-official acmesh-official deleted a comment from github-actions bot Jan 4, 2023
Neilpang pushed a commit that referenced this issue Jul 8, 2023
fix bug #4442
3761fb4
@Neilpang
Copy link
Member

Neilpang commented Jul 8, 2023

thanks for your info. it's fixed now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Neilpang @glatzert