MINOR: acme: renewal notification over the dpapi sink

Output a sink message when the certificate was renewed by the ACME
client.

The message is emitted on the "dpapi" sink, and ends by \n\0.
Since the message contains this binary character, the right -0 parameter
must be used when consulting the sink over the CLI:

Example:

	$ echo "show events dpapi -nw -0" | socat -t9999 /tmp/haproxy.sock -
	<0>2025-05-19T15:56:23.059755+02:00 acme newcert foobar.pem.rsa\n\0

When used with the master CLI, @@1 should be used instead of @1 in order
to keep the connection to the worker.

Example:

	$ echo "@@1 show events dpapi -nw -0" | socat -t9999 /tmp/master.sock -
	<0>2025-05-19T15:56:23.059755+02:00 acme newcert foobar.pem.rsa\n\0

diff --git a/src/acme.c b/src/acme.c
index 2700adf5f38bdc0f5a08d1308cd6d4c8632e14ba..70bd95e8e4bb8f4e56f3f058cc3de31dab8eec35 100644 (file)
--- a/src/acme.c
+++ b/src/acme.c
@@ -29,6 +29,7 @@
 #include <haproxy/list.h>
 #include <haproxy/log.h>
 #include <haproxy/pattern.h>
+#include <haproxy/sink.h>
 #include <haproxy/ssl_ckch.h>
 #include <haproxy/ssl_sock.h>
 #include <haproxy/ssl_utils.h>
@@ -846,6 +847,8 @@ int acme_update_certificate(struct task *task, struct acme_ctx *ctx, char **errm
        int ret = 1;
        struct ckch_store *old_ckchs, *new_ckchs;
        struct ckch_inst *ckchi;
+       struct sink *dpapi;
+       struct ist line[3];
 
        new_ckchs = ctx->store;
 
@@ -878,6 +881,15 @@ int acme_update_certificate(struct task *task, struct acme_ctx *ctx, char **errm
 
        send_log(NULL, LOG_NOTICE,"acme: %s: Successful update of the certificate.\n", ctx->store->path);
 
+
+       line[0] = ist("acme newcert ");
+       line[1] = ist(ctx->store->path);
+       line[2] = ist("\n\0");
+
+       dpapi = sink_find("dpapi");
+       if (dpapi)
+               sink_write(dpapi, LOG_HEADER_NONE, 0, line, 3);
+
        ctx->store = NULL;
 
        ret = 0;