From: William Lallemand <wlallemand@haproxy.com>
Date: Fri, 7 Nov 2025 08:45:14 +0000 (+0100)
Subject: BUG/MINOR: acme: wrong dns-01 challenge in the log
X-Git-Tag: v3.3-dev12~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3bc90d01d1e223a428b4a4fd3c2c68e9c214d2ce;p=thirdparty%2Fhaproxy.git

BUG/MINOR: acme: wrong dns-01 challenge in the log

Since 861fe532046 ("MINOR: acme: add the dns-01-record field to the
sink"), the dns-01 challenge is output in the dns_record trash, instead
of the global trash.

The send_log string was never updated with this change, and dumps some
data from the global trash instead. Since the last data emitted in the
trash seems to be the dns-01 token from the authorization object, it
looks like the response to the challenge.

This must be backported to 3.2.
---

diff --git a/src/acme.c b/src/acme.c
index 33fec5030..ac8a76dc2 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -1704,7 +1704,7 @@ int acme_res_auth(struct task *task, struct acme_ctx *ctx, struct acme_auth *aut
 			}
 
 			send_log(NULL, LOG_NOTICE,"acme: %s: dns-01 requires to set the \"_acme-challenge.%.*s\" TXT record to \"%.*s\" and use the \"acme challenge_ready %s domain %.*s\" command over the CLI\n",
-			                                             ctx->store->path, (int)auth->dns.len, auth->dns.ptr, (int)trash.data, trash.area, ctx->store->path, (int)auth->dns.len, auth->dns.ptr);
+			                                             ctx->store->path, (int)auth->dns.len, auth->dns.ptr, (int)dns_record->data, dns_record->area, ctx->store->path, (int)auth->dns.len, auth->dns.ptr);
 
 			/* dump to the "dpapi" sink */
 			line[nmsg++] = ist("acme deploy ");