From: William Lallemand <wlallemand@haproxy.com>
Date: Fri, 21 Nov 2025 11:25:42 +0000 (+0100)
Subject: BUG/MINOR: acme: prevent creating map entries with dns-01
X-Git-Tag: v3.3-dev14~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=548e7079cd4edb3f386def3fede6ce6d876de347;p=thirdparty%2Fhaproxy.git

BUG/MINOR: acme: prevent creating map entries with dns-01

We don't need map entries with dns-01.

The patch must be backported to 3.2.
---

diff --git a/src/acme.c b/src/acme.c
index 787f3612e..1383b7169 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -1752,12 +1752,12 @@ int acme_res_auth(struct task *task, struct acme_ctx *ctx, struct acme_auth *aut
 			dpapi = sink_find("dpapi");
 			if (dpapi)
 				sink_write(dpapi, LOG_HEADER_NONE, 0, line, nmsg);
-		}
-
-		/* only useful for http-01 */
-		if (acme_add_challenge_map(ctx->cfg->map, auth->token.ptr, ctx->cfg->account.thumbprint, errmsg) != 0) {
-			memprintf(errmsg, "couldn't add the token to the '%s' map: %s", ctx->cfg->map, *errmsg);
-			goto error;
+		} else {
+			/* only useful for http-01 */
+			if (acme_add_challenge_map(ctx->cfg->map, auth->token.ptr, ctx->cfg->account.thumbprint, errmsg) != 0) {
+				memprintf(errmsg, "couldn't add the token to the '%s' map: %s", ctx->cfg->map, *errmsg);
+				goto error;
+			}
 		}
 
 		/* we only need one challenge, and iteration is only used to found the right one */