From cc923713f6f1f1765bd5c07146596e59f0eb9e2f Mon Sep 17 00:00:00 2001 From: Andrew Lytvynov Date: Wed, 19 Feb 2025 10:42:06 -0800 Subject: [PATCH] tempfork/acme: pull in latest changes for Go 1.24 (#15062) https://github.com/tailscale/golang-x-crypto/commit/9a281fd8facad954dae80ef984c5d5d763f8ff91 Updates #15015 Signed-off-by: Andrew Lytvynov --- go.mod | 2 +- go.sum | 4 ++-- tempfork/acme/acme.go | 6 +++++- tempfork/acme/acme_test.go | 2 +- tempfork/acme/http.go | 21 ++++++++++++++++++++- tempfork/acme/types.go | 13 ++++++++++++- 6 files changed, 41 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 0845008bb..c926e8428 100644 --- a/go.mod +++ b/go.mod @@ -74,7 +74,7 @@ require ( github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e github.com/tailscale/depaware v0.0.0-20250112153213-b748de04d81b github.com/tailscale/goexpect v0.0.0-20210902213824-6e8c725cea41 - github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4 + github.com/tailscale/golang-x-crypto v0.0.0-20250218230618-9a281fd8faca github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a github.com/tailscale/mkctr v0.0.0-20250110151924-54977352e4a6 diff --git a/go.sum b/go.sum index 7be4c3eaf..be5fc57bc 100644 --- a/go.sum +++ b/go.sum @@ -900,8 +900,8 @@ github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55 h1:Gzfnfk2TWrk8 github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55/go.mod h1:4k4QO+dQ3R5FofL+SanAUZe+/QfeK0+OIuwDIRu2vSg= github.com/tailscale/goexpect v0.0.0-20210902213824-6e8c725cea41 h1:/V2rCMMWcsjYaYO2MeovLw+ClP63OtXgCF2Y1eb8+Ns= github.com/tailscale/goexpect v0.0.0-20210902213824-6e8c725cea41/go.mod h1:/roCdA6gg6lQyw/Oz6gIIGu3ggJKYhF+WC/AQReE5XQ= -github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4 h1:rXZGgEa+k2vJM8xT0PoSKfVXwFGPQ3z3CJfmnHJkZZw= -github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4/go.mod h1:ikbF+YT089eInTp9f2vmvy4+ZVnW5hzX1q2WknxSprQ= +github.com/tailscale/golang-x-crypto v0.0.0-20250218230618-9a281fd8faca h1:ecjHwH73Yvqf/oIdQ2vxAX+zc6caQsYdPzsxNW1J3G8= +github.com/tailscale/golang-x-crypto v0.0.0-20250218230618-9a281fd8faca/go.mod h1:ikbF+YT089eInTp9f2vmvy4+ZVnW5hzX1q2WknxSprQ= github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 h1:4chzWmimtJPxRs2O36yuGRW3f9SYV+bMTTvMBI0EKio= github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05/go.mod h1:PdCqy9JzfWMJf1H5UJW2ip33/d4YkoKN0r67yKH1mG8= github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a h1:SJy1Pu0eH1C29XwJucQo73FrleVK6t4kYz4NVhp34Yw= diff --git a/tempfork/acme/acme.go b/tempfork/acme/acme.go index 8bc2ac16e..94234efe3 100644 --- a/tempfork/acme/acme.go +++ b/tempfork/acme/acme.go @@ -557,7 +557,11 @@ func (c *Client) Accept(ctx context.Context, chal *Challenge) (*Challenge, error return nil, err } - res, err := c.post(ctx, nil, chal.URI, json.RawMessage("{}"), wantStatus( + payload := json.RawMessage("{}") + if len(chal.Payload) != 0 { + payload = chal.Payload + } + res, err := c.post(ctx, nil, chal.URI, payload, wantStatus( http.StatusOK, // according to the spec http.StatusAccepted, // Let's Encrypt: see https://goo.gl/WsJ7VT (acme-divergences.md) )) diff --git a/tempfork/acme/acme_test.go b/tempfork/acme/acme_test.go index dcd214896..5473bbc2b 100644 --- a/tempfork/acme/acme_test.go +++ b/tempfork/acme/acme_test.go @@ -875,7 +875,7 @@ func TestTLSALPN01ChallengeCert(t *testing.T) { } func TestTLSChallengeCertOpt(t *testing.T) { - key, err := rsa.GenerateKey(rand.Reader, 512) + key, err := rsa.GenerateKey(rand.Reader, 1024) if err != nil { t.Fatal(err) } diff --git a/tempfork/acme/http.go b/tempfork/acme/http.go index 58836e5d3..d92ff232f 100644 --- a/tempfork/acme/http.go +++ b/tempfork/acme/http.go @@ -15,6 +15,7 @@ import ( "io" "math/big" "net/http" + "runtime/debug" "strconv" "strings" "time" @@ -271,9 +272,27 @@ func (c *Client) httpClient() *http.Client { } // packageVersion is the version of the module that contains this package, for -// sending as part of the User-Agent header. It's set in version_go112.go. +// sending as part of the User-Agent header. var packageVersion string +func init() { + // Set packageVersion if the binary was built in modules mode and x/crypto + // was not replaced with a different module. + info, ok := debug.ReadBuildInfo() + if !ok { + return + } + for _, m := range info.Deps { + if m.Path != "golang.org/x/crypto" { + continue + } + if m.Replace == nil { + packageVersion = m.Version + } + break + } +} + // userAgent returns the User-Agent header value. It includes the package name, // the module version (if available), and the c.UserAgent value (if set). func (c *Client) userAgent() string { diff --git a/tempfork/acme/types.go b/tempfork/acme/types.go index 9fad800b4..518fa2440 100644 --- a/tempfork/acme/types.go +++ b/tempfork/acme/types.go @@ -7,6 +7,7 @@ package acme import ( "crypto" "crypto/x509" + "encoding/json" "errors" "fmt" "net/http" @@ -292,7 +293,7 @@ type Directory struct { // Renewal Information (ARI) Extension. RenewalInfoURL string - // Term is a URI identifying the current terms of service. + // Terms is a URI identifying the current terms of service. Terms string // Website is an HTTP or HTTPS URL locating a website @@ -531,6 +532,16 @@ type Challenge struct { // when this challenge was used. // The type of a non-nil value is *Error. Error error + + // Payload is the JSON-formatted payload that the client sends + // to the server to indicate it is ready to respond to the challenge. + // When unset, it defaults to an empty JSON object: {}. + // For most challenges, the client must not set Payload, + // see https://tools.ietf.org/html/rfc8555#section-7.5.1. + // Payload is used only for newer challenges (such as "device-attest-01") + // where the client must send additional data for the server to validate + // the challenge. + Payload json.RawMessage } // wireChallenge is ACME JSON challenge representation.