shithub: riscv


ref: aebf92224f1977cfac6fae779d5c288e16afcebd
parent: 3f2a206151367ccf516f931aa2413d72e1c9951f
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat Oct 30 22:16:17 EDT 2021

acmed: pass original utf8 subject domain to challengefn, simplify

try to keep everything in utf8 format.

--- a/sys/src/cmd/auth/acmed.c
+++ b/sys/src/cmd/auth/acmed.c
@@ -405,6 +405,15 @@
 	keyid = loc.val;
 }
 
+static char*
+idn(char *dom)
+{
+	static char buf[256];
+	if(utf2idn(dom, buf, sizeof(buf)) >= 0)
+		return buf;
+	return dom;
+}
+
 static JSON*
 submitorder(char **dom, int ndom, Hdr *hdr)
 {
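Review bot: idn() returns a pointer into a single `static char buf[256]`, so each result is only valid until the next call, and that contract is not written down. A comment above the function such as `/* returns a static buffer, or dom itself if conversion fails; valid until the next call */` would stop a later caller from holding two results at once. The callers visible in this diff use each result immediately, so nothing is broken today. The `return dom;` fallback also passes the raw UTF-8 name on silently when utf2idn fails; a `dprint("idn: conversion failed for %s\n", dom);` there would make a later identifier mismatch easier to diagnose. submitorder's body continues outside the hunk.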
@@ -422,7 +431,7 @@
 			"  \"type\": \"dns\","
 			"  \"value\": \"%E\""
 			"}",
-			sep, dom[i]);
+			sep, idn(dom[i]));
 		sep = ",";
 	}
 	req = seprint(req, rbuf+sizeof(rbuf),
@@ -555,6 +564,16 @@
 	char *resp;
 	int i, nresp;
 
+	if((ty = jsonbyname(j, "type")) == nil)
+		return -1;
+	if((url = jsonbyname(j, "url")) == nil)
+		return -1;
+	if((tok = jsonbyname(j, "token")) == nil)
+		return -1;
+
+	if(ty->t != JSONString || url->t != JSONString || tok->t != JSONString)
+		return -1;
+
 	if((dn = jsonbyname(id, "value")) == nil)
 		return -1;
 	if(dn->t != JSONString)
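Review bot: The early returns for a missing or non-string `type`, `url` or `token` do not set the error string, so a caller that reports `%r` may print a stale, unrelated error. These fields come from the ACME server's response, so a malformed challenge object is worth naming, for example `werrstr("malformed challenge object");` before each `return -1;`. The function starts and ends outside the hunk, so whether its caller actually prints the error is not visible here.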
@@ -562,7 +581,7 @@
 
 	/* make sure the identifier matches the csr */
 	for(i = 0; i < ndom; i++){
-		if(cistrcmp(dom[i], dn->s) == 0)
+		if(cistrcmp(idn(dom[i]), dn->s) == 0)
 			break;
 	}
 	if(i >= ndom){
@@ -570,18 +589,8 @@
 		return -1;
 	}
 
-	if((ty = jsonbyname(j, "type")) == nil)
-		return -1;
-	if((url = jsonbyname(j, "url")) == nil)
-		return -1;
-	if((tok = jsonbyname(j, "token")) == nil)
-		return -1;
-
-	if(ty->t != JSONString || url->t != JSONString || tok->t != JSONString)
-		return -1;
-
-	dprint("trying challenge %s\n", ty->s);
-	if(challengefn(ty->s, dn->s, tok->s, matched) == -1){
+	dprint("trying challenge %s for %s (%s)\n", ty->s, dom[i], dn->s);
+	if(challengefn(ty->s, dom[i], tok->s, matched) == -1){
 		dprint("challengefn failed: %r\n");
 		return -1;
 	}
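Review bot: Nothing at the challengefn call records that it now receives the locally configured `dom[i]` rather than the server-supplied `dn->s`. This is the safer source for whatever the challenge handler builds from the name, and a comment such as `/* pass our own utf8 name; dn->s comes from the server and is only used for matching */` would keep that from being reverted by accident. The challengefn implementations are not part of this diff, so it is worth confirming that any of them that build a DNS record name or URL from the domain convert it to ASCII form themselves. The enclosing function extends beyond the hunk.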
@@ -743,7 +752,7 @@
 {
 	char *csr, *dom[64], subj[2048];
 	uchar *der;
-	int nder, i, ndom, fd;
+	int nder, ndom, fd;
 	RSApub *rsa;
 	Hdr loc = { "location" };
 	JSON *o;
@@ -765,14 +774,6 @@
 	if((ndom = getfields(subj, dom, nelem(dom), 1, ", ")) == nelem(dom))
 		sysfatal("too man domains");
 
-	for(i = 0; i < ndom; i++){
-		char buf[256], *s = dom[i];
-		if(utf2idn(s, buf, sizeof(buf)) >= 0)
-			s = buf;
-		dprint("dom[%d]: %s\n", i, s);
-		dom[i] = strdup(s);
-	}
-
 	if((o = submitorder(dom, ndom, &loc)) == nil)
 		sysfatal("order: %r");
 	if(dochallenges(dom, ndom, o) == -1)
@@ -783,8 +784,6 @@
 	if(fetchcert(loc.val) == -1)
 		sysfatal("saving cert: %r");
 
-	for(i = 0; i < ndom; i++)
-		free(dom[i]);
 	free(csr);
 }