order state before submitting to finalize

PKISharp / ACMESharpCore

An ACME v2 client library for .NET Standard (Let's Encrypt)

MIT License

325 stars 72 forks source link

order state before submitting to finalize #26

Open dolphinsd opened 5 years ago

dolphinsd commented 5 years ago

Per the docs, order should be in Ready state before finalization. See https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.1.3

The code in AcmeHostedServices checks for PendingState, not readystate.

if (AcmeState.PendingStatus == _state.Order.Payload.Status) { _logger.LogInformation("Generating CSR");

WouterTinus commented 4 years ago

I'm not familiar with the section of code that you are referring to, but "Generating CSR" suggests that that the order cannot possibly be "ready" yet, because the CSR has to be submitted before the certificate can be generated.

dolphinsd commented 4 years ago

@WouterTinus , the code is from AcmeHostedServices sample, search for "Generating CSR" We traced the steps, and in our case, order is in ReadyState before generating csr. Check the states in the docs for explanation.

WouterTinus commented 4 years ago

You are right, this looks like a bug. Probably it works fine as long as the locally cached order object is not updated after submitting the authorization response(s), except when all host names just happened to have valid authorizations already (i.e. from a previous run) and so the new order immediately gets to the ready state.

omnibasissupport commented 4 years ago