
Clean the hooks right after the current challenge has been validated

Cleaning hooks only after the certificate has been retrieved is a mistake,
since a failure anywhere in the process would leave every hook called so far
uncleaned. With this commit's implementation, only the hook whose own
clean-up failed is left uncleaned.
pull/5/head
Rodolphe Breard 6 years ago
parent
commit
75f79bcef5
  1. 3
      CHANGELOG.md
  2. 8
      acmed/src/acme_proto.rs

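--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Hooks now have the optional `allow_failure` field.
+### Changed
+- Hooks are now cleaned right after the current challenge has been validated instead of after the certificate's retrieval.
 ### Fixed
 - The http-01-echo hook now correctly sets the file's access rights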

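--- a/acmed/src/acme_proto.rs
+++ b/acmed/src/acme_proto.rs
@@ -142,6 +142,10 @@ pub fn request_certificate(cert: &Certificate, root_certs: &[String]) -> Result<
 let (_, new_nonce): (Authorization, String) =
 http::pool_obj(root_certs, &auth_url, &data_builder, &break_fn, &nonce)?;
 nonce = new_nonce;
+for (data, hook_type) in hook_datas.iter() {
+cert.call_challenge_hooks_clean(&data, (*hook_type).to_owned())?;
+}
+hook_datas.clear();
 }
 // 10. Pool the order in order to see whether or not it is ready
@@ -174,10 +178,6 @@ pub fn request_certificate(cert: &Certificate, root_certs: &[String]) -> Result<
 let (crt, _) = http::get_certificate(root_certs, &crt_url, &data_builder, &nonce)?;
 storage::write_certificate(cert, &crt.as_bytes())?;
-for (data, hook_type) in hook_datas.iter() {
-cert.call_challenge_hooks_clean(&data, (*hook_type).to_owned())?;
-}
 info!("Certificate renewed for {}", domains.join(", "));
 Ok(())
 }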
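Review bot: The new clean-up loop in the first hunk only runs after `http::pool_obj(...)?` has returned successfully, so when the challenge validation itself fails the hooks called for that challenge are never cleaned and their artifacts (for instance the http-01 token file the changelog's http-01-echo hook writes into the web root) stay behind — the same leak this commit sets out to narrow, now confined to the failure path. Binding the validation result first, running the clean hooks, and only then applying `?` would cover both outcomes. The loop's own `?` also still abandons the remaining hooks on the first clean-up that fails; whether the new `allow_failure` field is meant to absorb that cannot be told from this hunk. `request_certificate` starts before the first hunk and its body continues between the two hunks.
```rust
// … unchanged: challenge hook calls, auth_url / break_fn setup …
let validation: Result<(Authorization, String), _> =
    http::pool_obj(root_certs, &auth_url, &data_builder, &break_fn, &nonce);
// Clean up whatever the outcome, so challenge artifacts never outlive a failed validation.
for (data, hook_type) in hook_datas.iter() {
    cert.call_challenge_hooks_clean(&data, (*hook_type).to_owned())?;
}
hook_datas.clear();
let (_, new_nonce) = validation?;
nonce = new_nonce;
```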