From 952d12825c2c480a839680d3c2ca0bd67a46aaac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C5=99emysl=20Janouch?= Date: Tue, 16 May 2017 20:13:29 +0200 Subject: [PATCH] Future proofing on Let's Encrypt --- acme-tinier.pl | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/acme-tinier.pl b/acme-tinier.pl index 22fd443..a09f112 100755 --- a/acme-tinier.pl +++ b/acme-tinier.pl @@ -2,6 +2,9 @@ # This is a simplified rewrite of acme-tiny in Perl, since Python 3 is 125 MiB # but Perl is everywhere and JSON::PP mostly in default installations. # Depends on curl and openssl. +# +# TODO: eventually the ACME protocol will stabilize: +# https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md use strict; use warnings; use MIME::Base64 qw(encode_base64 encode_base64url); @@ -46,7 +49,7 @@ sub communicate { return $resp; } -# Use cURL to download a file over HTTPS but parse it ourselves +# Use cURL to download a file over HTTPS but parse it ourselves (quite silly) sub get { my ($url, $data) = @_; my @args = ('curl', '-sS', '-D-', '-H', 'Expect:'); @@ -55,7 +58,7 @@ sub get { die 'cannot download' if $? >> 8; my ($code, $headers, $body) = $resp =~ m#\AHTTP/\d\.\d (\d+) .*?\r\n(.*?)\r\n\r\n(.*)#sm; - return ($code, $body, { $headers =~ /(\S+?): (.*)$/mg }) + return ($code, $body, { $headers =~ /(\S+?): (.*)\r\n/mg }) } # Make a signed request to an ACME endpoint @@ -87,11 +90,12 @@ push @domains, map { substr $_, 4 } grep { /^DNS:/ } split(/, /) for $csr =~ /X509v3 Subject Alternative Name: \n +([^\n]+)\n/g; # Get certificate domains and expiration -# FIXME: don't hardcode the agreement, that may stop working -my ($code, $result) = send_signed("$ca/acme/new-reg", { +my ($code, $result, $headers) = get "$ca/terms"; +($code, $result) = send_signed("$ca/acme/new-reg", { resource => 'new-reg', - agreement => 'https://letsencrypt.org/documents/' - . 'LE-SA-v1.1.1-August-1-2016.pdf' + agreement => ($code == 302 && exists $headers->{Location}) + ? $headers->{Location} + : 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf' }); die "cannot register: $code" if $code != 201 && $code != 409;