
Fix for fetching alt root certs

master
Isaac 2 years ago
parent
commit
d96775356a
  1. 12
      certificate.go
  2. 30
      certificate_test.go

12
certificate.go

@ -67,12 +67,16 @@ func (c Client) FetchAllCertificates(account Account, certificateURL string) (ma
alternates := fetchLinks(resp, "alternate")
for _, v := range alternates {
altCertChain, err := c.decodeCertificateChain(body, resp, account)
for _, altURL := range alternates {
altResp, altBody, err := c.postRaw(0, altURL, account.URL, account.PrivateKey, "", []int{http.StatusOK})
if err != nil {
return certs, fmt.Errorf("acme: error fetching alt cert chain at %q - %v", v, err)
return certs, fmt.Errorf("acme: error fetching alt cert chain at %q - %v", altURL, err)
}
certs[v] = altCertChain
altCertChain, err := c.decodeCertificateChain(altBody, altResp, account)
if err != nil {
return certs, fmt.Errorf("acme: error decoding alt cert chain at %q - %v", altURL, err)
}
certs[altURL] = altCertChain
}
return certs, nil
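Review bot: Each `altURL` in the new loop comes from `fetchLinks(resp, "alternate")` and is passed straight to `c.postRaw` together with `account.PrivateKey`, so a request that appears to be signed with the account key goes to whatever location the response's link data names. Nothing visible in this hunk checks that the alternate URL parses or stays on the same scheme and host as `certificateURL`. `fetchLinks` and `postRaw` are not shown and may already enforce that, and whether same-origin is the right policy is the project's call; if neither applies a check, one before the request is cheap, as sketched below. The two new `fmt.Errorf` calls also format the cause with `%v`, where `%w` would keep it reachable through `errors.Is`/`errors.As`. The body of FetchAllCertificates starts above the hunk.

```go
base, err := url.Parse(certificateURL)
if err != nil {
	return certs, fmt.Errorf("acme: error parsing certificate url %q - %w", certificateURL, err)
}
for _, altURL := range alternates {
	alt, err := url.Parse(altURL)
	if err != nil || alt.Scheme != base.Scheme || alt.Host != base.Host {
		return certs, fmt.Errorf("acme: refusing alt cert chain url %q outside %q", altURL, base.Host)
	}
	// … unchanged: postRaw, decodeCertificateChain, certs[altURL] = altCertChain …
}
```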

30
certificate_test.go

@ -1,8 +1,6 @@
package acme
import (
"os"
"strconv"
"testing"
)
@ -26,10 +24,6 @@ func TestClient_FetchCertificates(t *testing.T) {
}
func TestClient_FetchAllCertificates(t *testing.T) {
if testClientMeta.Software == clientBoulder {
t.Skip("boulder doesnt support alt cert chains: https://github.com/letsencrypt/boulder/issues/4567")
return
}
account, order, _ := makeOrderFinalised(t, nil)
if order.Certificate == "" {
t.Fatalf("no certificate: %+v", order)
@ -38,16 +32,22 @@ func TestClient_FetchAllCertificates(t *testing.T) {
if err != nil {
t.Fatalf("expeceted no error, got: %v", err)
}
roots, ok := os.LookupEnv("PEBBLE_ALTERNATE_ROOTS")
if !ok {
return
}
numRoots, err := strconv.Atoi(roots)
if err != nil {
panic(err)
if len(certs) == 1 {
t.Skip("no alternative root certificates")
}
if numRoots > 0 && len(certs) <= numRoots {
t.Fatalf("expected > %d cert chains, got: %d", numRoots, len(certs))
for url1, certs1 := range certs {
for url2, certs2 := range certs {
if url2 == url1 {
continue
}
root1 := certs1[len(certs1)-1].Issuer.String()
root2 := certs2[len(certs2)-1].Issuer.String()
if root1 == root2 {
t.Fatalf("same root on cetificates: %s", root1)
}
}
}
}
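Review bot: The `if len(certs) == 1 { t.Skip("no alternative root certificates") }` branch in TestClient_FetchAllCertificates skips whenever only the primary chain comes back, which is also what a regression in alternate fetching would look like, so the test can no longer fail for the bug this commit fixes. The page has lost its `+`/`-` markers, but the `PEBBLE_ALTERNATE_ROOTS` block looks like the removed side; keeping its `if numRoots > 0 && len(certs) <= numRoots` assertion for runs where that variable is set would preserve a hard failure. Separately, `certs1[len(certs1)-1]` and `certs2[len(certs2)-1]` panic on an empty chain; a guard such as `if len(certs1) == 0 { t.Fatalf("empty cert chain for %s", url1) }` at the top of the outer loop would report that as a test failure instead. The test function begins above the last hunk.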
