From: William Lallemand <wlallemand@haproxy.com>
Date: Fri, 21 Nov 2025 11:10:21 +0000 (+0100)
Subject: BUG/MINOR: acme: handle multiple auth with the same name
X-Git-Tag: v3.3-dev14~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=26093121a33fb6f84c21ffb21e70a9432a63e70e;p=thirdparty%2Fhaproxy.git

BUG/MINOR: acme: handle multiple auth with the same name

In case of the dns-01 challenge, it is possible to have a domain
"example.com" and "*.example.com" in the same request. This will create
2 different auth objects, which need 2 different challenges.

However the associated domain is "example.com" for both auth objects.

When doing a "challenge_ready", the algorithm will break at the first
domain found. But since you can have multiple time the same domain in
this case, breaking at the first one prevent to have all auth objects in
a ready state.

This patch just remove the break so we can loop on every auth objects.

Must be backported to 3.2.
---

diff --git a/src/acme.c b/src/acme.c
index f649ba72f..787f3612e 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -2890,7 +2890,6 @@ static int cli_acme_chall_ready_parse(char **args, char *payload, struct appctx
 				} else {
 					memprintf(&errmsg, "ACME challenge for crt \"%s\" and dns \"%s\" was already READY !\n", crt, dns);
 				}
-				break;
 			}
 			auth = auth->next;
 		}