Future proofing on Let's Encrypt
parent
25b48baa79
commit
952d12825c
@ -2,6 +2,9 @@
|
|||||||
# This is a simplified rewrite of acme-tiny in Perl, since Python 3 is 125 MiB
|
# This is a simplified rewrite of acme-tiny in Perl, since Python 3 is 125 MiB
|
||||||
# but Perl is everywhere and JSON::PP mostly in default installations.
|
# but Perl is everywhere and JSON::PP mostly in default installations.
|
||||||
# Depends on curl and openssl.
|
# Depends on curl and openssl.
|
||||||
|
#
|
||||||
|
# TODO: eventually the ACME protocol will stabilize:
|
||||||
|
# https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md
|
||||||
use strict;
|
use strict;
|
||||||
use warnings;
|
use warnings;
|
||||||
use MIME::Base64 qw(encode_base64 encode_base64url);
|
use MIME::Base64 qw(encode_base64 encode_base64url);
|
||||||
@ -46,7 +49,7 @@ sub communicate {
|
|||||||
return $resp;
|
return $resp;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Use cURL to download a file over HTTPS but parse it ourselves
|
# Use cURL to download a file over HTTPS but parse it ourselves (quite silly)
|
||||||
sub get {
|
sub get {
|
||||||
my ($url, $data) = @_;
|
my ($url, $data) = @_;
|
||||||
my @args = ('curl', '-sS', '-D-', '-H', 'Expect:');
|
my @args = ('curl', '-sS', '-D-', '-H', 'Expect:');
|
||||||
@ -55,7 +58,7 @@ sub get {
|
|||||||
die 'cannot download' if $? >> 8;
|
die 'cannot download' if $? >> 8;
|
||||||
my ($code, $headers, $body) =
|
my ($code, $headers, $body) =
|
||||||
$resp =~ m#\AHTTP/\d\.\d (\d+) .*?\r\n(.*?)\r\n\r\n(.*)#sm;
|
$resp =~ m#\AHTTP/\d\.\d (\d+) .*?\r\n(.*?)\r\n\r\n(.*)#sm;
|
||||||
return ($code, $body, { $headers =~ /(\S+?): (.*)$/mg })
|
return ($code, $body, { $headers =~ /(\S+?): (.*)\r\n/mg })
|
||||||
}
|
}
|
||||||
|
|
||||||
# Make a signed request to an ACME endpoint
|
# Make a signed request to an ACME endpoint
|
||||||
@ -87,11 +90,12 @@ push @domains, map { substr $_, 4 } grep { /^DNS:/ } split(/, /)
|
|||||||
for $csr =~ /X509v3 Subject Alternative Name: \n +([^\n]+)\n/g;
|
for $csr =~ /X509v3 Subject Alternative Name: \n +([^\n]+)\n/g;
|
||||||
|
|
||||||
# Get certificate domains and expiration
|
# Get certificate domains and expiration
|
||||||
# FIXME: don't hardcode the agreement, that may stop working
|
my ($code, $result, $headers) = get "$ca/terms";
|
||||||
my ($code, $result) = send_signed("$ca/acme/new-reg", {
|
($code, $result) = send_signed("$ca/acme/new-reg", {
|
||||||
resource => 'new-reg',
|
resource => 'new-reg',
|
||||||
agreement => 'https://letsencrypt.org/documents/'
|
agreement => ($code == 302 && exists $headers->{Location})
|
||||||
. 'LE-SA-v1.1.1-August-1-2016.pdf'
|
? $headers->{Location}
|
||||||
|
: 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
|
||||||
});
|
});
|
||||||
die "cannot register: $code" if $code != 201 && $code != 409;
|
die "cannot register: $code" if $code != 201 && $code != 409;
|
||||||
|
|
||||||
|
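Review bot: In `get`, the new header pattern `/(\S+?): (.*)\r\n/mg` requires a CRLF after every value, but `$headers` is captured by `(.*?)\r\n\r\n` on the line above, so its final header line has no trailing CRLF and is silently dropped. When `Location` is the last header of the `$ca/terms` response, the registration hunk falls back to the hardcoded agreement URL with no diagnostic, which is the situation this commit sets out to avoid. Matching an optional CR at end of line keeps every header and still strips the `\r`: `return ($code, $body, { $headers =~ /(\S+?): (.*?)\r?$/mg })`. The lookup `exists $headers->{Location}` is also case-sensitive although HTTP field names are not, so lowercasing the keys in `get` would be more robust; the rest of `get` and its other callers lie outside the hunks, so confirm nothing depends on the key case. A `warn` naming the agreement URL actually sent would let the operator see which terms were accepted on their behalf.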