From: William Lallemand Date: Wed, 23 Jul 2025 12:32:18 +0000 (+0200) Subject: BUG/MINOR: acme: allow "processing" in challenge requests X-Git-Tag: v3.3-dev4~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=02db0e6b9f5170d419302e202fead72c02887d49;p=thirdparty%2Fhaproxy.git BUG/MINOR: acme: allow "processing" in challenge requests Allow the "processing" status in the challenge object when requesting to do the challenge, in addition to "pending". According to RFC 8555 https://datatracker.ietf.org/doc/html/rfc8555/#section-7.1.6 Challenge objects are created in the "pending" state. They transition to the "processing" state when the client responds to the challenge (see Section 7.5.1) However some CA could respond with a "processing" state without ever transitioning to "pending". Must be backported to 3.2. --- diff --git a/src/acme.c b/src/acme.c index ca3179c8a..33f18420e 100644 --- a/src/acme.c +++ b/src/acme.c @@ -1230,7 +1230,7 @@ enum acme_ret acme_res_challenge(struct task *task, struct acme_ctx *ctx, struct } trash.data = res; - if (strncasecmp("pending", trash.area, trash.data) == 0) { + if (strncasecmp("pending", trash.area, trash.data) == 0 || strncasecmp("processing", trash.area, trash.data) == 0) { if (chk) { /* during challenge chk */ memprintf(errmsg, "challenge status: %.*s", (int)trash.data, trash.area); ret = ACME_RET_RETRY; @@ -1241,16 +1241,10 @@ enum acme_ret acme_res_challenge(struct task *task, struct acme_ctx *ctx, struct } } - /* during challenge check */ if (strncasecmp("valid", trash.area, trash.data) == 0) { ret = ACME_RET_OK; goto out; } - if (strncasecmp("processing", trash.area, trash.data) == 0) { - memprintf(errmsg, "challenge status: %.*s", (int)trash.data, trash.area); - ret = ACME_RET_RETRY; - goto out; - } if (hc->res.status < 200 || hc->res.status >= 300 || mjson_find(hc->res.buf.area, hc->res.buf.data, "$.error", NULL, NULL) == MJSON_TOK_OBJECT) { /* XXX: need a generic URN error parser */