letsencrypt / challtestsrv

Small TEST-ONLY server for mock DNS & responding to HTTP-01, DNS-01, and TLS-ALPN-01 ACME challenges.
Mozilla Public License 2.0

Perform keyauth hashing in AddDNSOneChallenge, add ACME prefix #8

Open cpu opened 5 years ago

cpu commented 5 years ago

Presently the AddDNSOneChallenge function is quite simple and adds the provided content under the provided host:

https://github.com/letsencrypt/challtestsrv/blob/285efd6fac122954c72d2f32bf1f6e3f7c50ffb5/dnsone.go#L9-L15

That means callers have to add the _acme-challenge. prefix for RFC 8555 DNS-01 challenges to the host themselves. They're also responsible for hashing the key authorization for the content argument.

Since this is a function specifically for DNS-01 it should do more of this work automatically. This is an API breaking change and will need to bump the release accordingly.
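Added example, not part of the original comment and not challtestsrv's code or API: a sketch of the work the issue proposes moving into the library, deriving the RFC 8555 DNS-01 TXT record name and value from a bare host and an unhashed key authorization. The helper name `DNSOneRecord` and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// acmePrefix is the label RFC 8555 section 8.4 places in front of the
// domain being validated.
const acmePrefix = "_acme-challenge."

// DNSOneRecord is a hypothetical helper (not the challtestsrv API). Given the
// bare host and the raw key authorization, it returns the fully qualified TXT
// record name and the TXT value a DNS-01 validator expects to find there.
func DNSOneRecord(host, keyAuth string) (name, value string, err error) {
	// Normalise: DNS names compare case-insensitively, and callers may or
	// may not pass a trailing root dot.
	host = strings.ToLower(strings.TrimSuffix(strings.TrimSpace(host), "."))
	// A wildcard identifier is validated at its base domain.
	host = strings.TrimPrefix(host, "*.")
	if host == "" || keyAuth == "" {
		return "", "", fmt.Errorf("host and key authorization must be non-empty")
	}
	// The TXT value is the unpadded base64url encoding of the SHA-256 digest
	// of the key authorization, never the key authorization itself.
	sum := sha256.Sum256([]byte(keyAuth))
	value = base64.RawURLEncoding.EncodeToString(sum[:])
	// The prefix is always added here, so a caller that still prepends it
	// by hand would get a doubled label: this is the API-breaking part.
	return acmePrefix + host + ".", value, nil
}

func main() {
	// Constructed sample input: "<token>.<account key thumbprint>" shape,
	// not a real key authorization.
	name, value, err := DNSOneRecord("example.com", "sample-token.sample-thumbprint")
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s TXT %q\n", name, value)
}
```
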

cpu commented 5 years ago

It would probably be worthwhile to take this as a chance to holistically review the whole API and make similar improvements for TLS-ALPN-01 and HTTP-01 as appropriate. I think there could also be some consistency changes made in naming.