pogpp/lego
1
0
Fork 0
forked from TrueCloudLab/lego
Code Pull requests Activity

Fix missing issuer certificates from Let's Encrypt (#587)

Browse source
This commit is contained in:
Bill Shupp 2018-06-30 17:35:39 -07:00 committed by Ludovic Fernandez
parent 3a1c6202f6
commit e0d512138c
1 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
acme/client.go
View file

@ -5,6 +5,7 @@ import (
"crypto" "crypto"
"crypto/x509" "crypto/x509"
"encoding/base64" "encoding/base64"
"encoding/pem"
"errors" "errors"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
@ -762,8 +763,9 @@ func (c *Client) checkCertResponse(order orderMessage, certRes *CertificateResou
return false, err return false, err
} }
// The issuer certificate link is always supplied via an "up" link // The issuer certificate link may be supplied via an "up" link
// in the response headers of a new certificate. // in the response headers of a new certificate. See
// https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.4.2
links := parseLinks(resp.Header["Link"]) links := parseLinks(resp.Header["Link"])
if link, ok := links["up"]; ok { if link, ok := links["up"]; ok {
issuerCert, err := c.getIssuerCertificate(link) issuerCert, err := c.getIssuerCertificate(link)
@ -782,6 +784,13 @@ func (c *Client) checkCertResponse(order orderMessage, certRes *CertificateResou
certRes.IssuerCertificate = issuerCert certRes.IssuerCertificate = issuerCert
} }
} else {
// Get issuerCert from bundled response from Let's Encrypt
// See https://community.letsencrypt.org/t/acme-v2-no-up-link-in-response/64962
_, rest := pem.Decode(cert)
if rest != nil {
certRes.IssuerCertificate = rest
}
} }
certRes.Certificate = cert certRes.Certificate = cert