From de0ff358872d90d32d38c1ac6f8ebc3ea6151b9b Mon Sep 17 00:00:00 2001
From: sthen
Date: Mon, 7 Oct 2024 23:47:00 +0000
Subject: [PATCH] When acme-client is run with -v, show the account URI from the Location header sent by the server in response to the newAccount API call (used for every cert request). This is useful if you want to set a CAA DNS record restricting issuance to a specific user account, rather than just "all of $whichever_acme_CA".

ok florian
---
 usr.sbin/acme-client/netproc.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/usr.sbin/acme-client/netproc.c b/usr.sbin/acme-client/netproc.c
index 3b53ccfe527..79dcadf3873 100644
--- a/usr.sbin/acme-client/netproc.c
+++ b/usr.sbin/acme-client/netproc.c
@@ -1,4 +1,4 @@
-/* $Id: netproc.c,v 1.35 2024/04/28 10:09:25 tb Exp $ */
+/* $Id: netproc.c,v 1.36 2024/10/07 23:47:00 sthen Exp $ */
 /*
 * Copyright (c) 2016 Kristaps Dzonsons
 *
@@ -359,7 +359,7 @@ donewacc(struct conn *c, const struct capaths *p, const char *contact)
 {
 struct jsmnn *j = NULL;
 int rc = 0;
- char *req, *detail, *error = NULL;
+ char *req, *detail, *error = NULL, *accturi = NULL;
 long lc;
 
 if ((req = json_fmt_newacc(contact)) == NULL)
@@ -384,6 +384,12 @@ donewacc(struct conn *c, const struct capaths *p, const char *contact)
 else
 rc = 1;
 
+ if (c->kid != NULL) {
+ if (stravis(&accturi, c->kid, VIS_SAFE) != -1)
+ dodbg("account key: %s", accturi);
+ free(accturi);
+ }
+
 if (rc == 0 || verbose > 1)
 buf_dump(&c->buf);
 free(req);
@@ -399,7 +405,7 @@ static int
 dochkacc(struct conn *c, const struct capaths *p, const char *contact)
 {
 int rc = 0;
- char *req;
+ char *req, *accturi = NULL;
 long lc;
 
 if ((req = json_fmt_chkacc()) == NULL)
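Review bot: The debug label in the `@@ -384,6 +384,12 @@` hunk of donewacc says "account key", but the value printed is `c->kid`, which the commit message describes as the account URI taken from the Location header; the same string appears in the dochkacc hunk (`@@ -417,6 +423,11 @@`). Someone following the commit message to build a CAA record is looking for a URI, and "account key" reads as key material, so `dodbg("account URI: %s", accturi);` in both places would match what is actually shown. The three added lines are identical in both functions and could live in one small static helper so the label and encoding flags cannot drift apart. donewacc's body starts and ends outside this hunk.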
@@ -417,6 +423,11 @@ dochkacc(struct conn *c, const struct capaths *p, const char *contact)
 
 if (c->kid == NULL)
 rc = 0;
+ else {
+ if (stravis(&accturi, c->kid, VIS_SAFE) != -1)
+ dodbg("account key: %s", accturi);
+ free(accturi);
+ }
 
 if (rc == 0 || verbose > 1)
 buf_dump(&c->buf);
-- 
2.20.1
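Review bot: `VIS_SAFE` is the most permissive vis(3) mode to apply to a value that originates in the server's Location header: per the manual it leaves newline, carriage return, backspace and bell unencoded, so those bytes would still reach the terminal or a captured log through this `dodbg()` call and the identical one in donewacc. An account URI should contain no whitespace or control characters at all, so a stricter flag set such as `stravis(&accturi, c->kid, VIS_CSTYLE | VIS_WHITE)` would surface any oddity as a visible escape instead of passing it through. Whether the HTTP layer already strips such bytes from header values is not visible here, so this is a hardening suggestion rather than a confirmed flaw. dochkacc's body starts and ends outside this hunk.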