diff --git a/acme/api/api.go b/acme/api/api.go
index f4a52f26..5fa51d63 100644
--- a/acme/api/api.go
+++ b/acme/api/api.go
@@ -71,7 +71,7 @@ func (a *Core) post(uri string, reqBody, response interface{}) (*http.Response,
 }
 // postAsGet performs an HTTP POST ("POST-as-GET") request.
-// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-6.3
+// https://tools.ietf.org/html/rfc8555#section-6.3
 func (a *Core) postAsGet(uri string, response interface{}) (*http.Response, error) {
 return a.retrievablePost(uri, []byte{}, response)
 }
diff --git a/acme/api/certificate.go b/acme/api/certificate.go
index 279e9da2..51e0aae6 100644
--- a/acme/api/certificate.go
+++ b/acme/api/certificate.go
@@ -71,7 +71,7 @@ func (c *CertificateService) get(certURL string) ([]byte, string, error) {
 // The issuer certificate link may be supplied via an "up" link
 // in the response headers of a new certificate.
- // See https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.4.2
+ // See https://tools.ietf.org/html/rfc8555#section-7.4.2
 up := getLink(resp.Header, "up")
 return cert, up, err
diff --git a/acme/commons.go b/acme/commons.go
index c4493696..52a991bb 100644
--- a/acme/commons.go
+++ b/acme/commons.go
@@ -1,5 +1,5 @@
 // Package acme contains all objects related the ACME endpoints.
-// https://tools.ietf.org/html/draft-ietf-acme-acme-16
+// https://tools.ietf.org/html/rfc8555
 package acme
 import (
@@ -8,7 +8,7 @@ import (
 )
 // Challenge statuses
-// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.6
+// https://tools.ietf.org/html/rfc8555#section-7.1.6
 const (
 StatusPending = "pending"
 StatusInvalid = "invalid"
@@ -20,7 +20,7 @@ const (
 )
 // Directory the ACME directory object.
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.1
+// - https://tools.ietf.org/html/rfc8555#section-7.1.1
 type Directory struct {
 NewNonceURL string `json:"newNonce"`
 NewAccountURL string `json:"newAccount"`
@@ -32,7 +32,7 @@ type Directory struct {
 }
 // Meta the ACME meta object (related to Directory).
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.1
+// - https://tools.ietf.org/html/rfc8555#section-7.1.1
 type Meta struct {
 // termsOfService (optional, string):
 // A URL identifying the current terms of service.
@@ -65,8 +65,8 @@ type ExtendedAccount struct {
 }
 // Account the ACME account Object.
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.2
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.3
+// - https://tools.ietf.org/html/rfc8555#section-7.1.2
+// - https://tools.ietf.org/html/rfc8555#section-7.3
 type Account struct {
 // status (required, string):
 // The status of this account.
@@ -111,7 +111,7 @@ type ExtendedOrder struct {
 }
 // Order the ACME order Object.
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.3
+// - https://tools.ietf.org/html/rfc8555#section-7.1.3
 type Order struct {
 // status (required, string):
 // The status of this order.
@@ -164,7 +164,7 @@ type Order struct {
 }
 // Authorization the ACME authorization object.
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.4
+// - https://tools.ietf.org/html/rfc8555#section-7.1.4
 type Authorization struct {
 // status (required, string):
 // The status of this authorization.
@@ -206,8 +206,8 @@ type ExtendedChallenge struct {
 }
 // Challenge the ACME challenge object.
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.5
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8
+// - https://tools.ietf.org/html/rfc8555#section-7.1.5
+// - https://tools.ietf.org/html/rfc8555#section-8
 type Challenge struct {
 // type (required, string):
 // The type of challenge encoded in the object.
@@ -240,23 +240,23 @@ type Challenge struct {
 // It MUST NOT contain any characters outside the base64url alphabet,
 // and MUST NOT include base64 padding characters ("=").
 // See [RFC4086] for additional information on randomness requirements.
- // https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.3
- // https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.4
+ // https://tools.ietf.org/html/rfc8555#section-8.3
+ // https://tools.ietf.org/html/rfc8555#section-8.4
 Token string `json:"token"`
- // https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.1
+ // https://tools.ietf.org/html/rfc8555#section-8.1
 KeyAuthorization string `json:"keyAuthorization"`
 }
 // Identifier the ACME identifier object.
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-9.7.7
+// - https://tools.ietf.org/html/rfc8555#section-9.7.7
 type Identifier struct {
 Type string `json:"type"`
 Value string `json:"value"`
 }
 // CSRMessage Certificate Signing Request
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.4
+// - https://tools.ietf.org/html/rfc8555#section-7.4
 type CSRMessage struct {
 // csr (required, string):
 // A CSR encoding the parameters for the certificate being requested [RFC2986].
@@ -266,7 +266,7 @@ type CSRMessage struct {
 }
 // RevokeCertMessage a certificate revocation message
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.6
+// - https://tools.ietf.org/html/rfc8555#section-7.6
 // - https://tools.ietf.org/html/rfc5280#section-5.3.1
 type RevokeCertMessage struct {
 // certificate (required, string):
diff --git a/acme/errors.go b/acme/errors.go
index 1658fe8d..02a7d92c 100644
--- a/acme/errors.go
+++ b/acme/errors.go
@@ -12,7 +12,7 @@ const (
 // ProblemDetails the problem details object
 // - https://tools.ietf.org/html/rfc7807#section-3.1
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.3.3
+// - https://tools.ietf.org/html/rfc8555#section-7.3.3
 type ProblemDetails struct {
 Type string `json:"type,omitempty"`
 Detail string `json:"detail,omitempty"`
@@ -26,7 +26,7 @@ type ProblemDetails struct {
 }
 // SubProblem a "subproblems"
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-6.7.1
+// - https://tools.ietf.org/html/rfc8555#section-6.7.1
 type SubProblem struct {
 Type string `json:"type,omitempty"`
 Detail string `json:"detail,omitempty"`
diff --git a/certificate/certificates.go b/certificate/certificates.go
index 8f54a58c..cca8b265 100644
--- a/certificate/certificates.go
+++ b/certificate/certificates.go
@@ -210,8 +210,8 @@ func (c *Certifier) getForOrder(domains []string, order acme.ExtendedOrder, bund
 // Determine certificate name(s) based on the authorization resources
 commonName := domains[0]
- // ACME draft Section 7.4 "Applying for Certificate Issuance"
- // https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.4
+ // RFC8555 Section 7.4 "Applying for Certificate Issuance"
+ // https://tools.ietf.org/html/rfc8555#section-7.4
 // says:
 // Clients SHOULD NOT make any assumptions about the sort order of
 // "identifiers" or "authorizations" elements in the returned order
@@ -502,7 +502,7 @@ func checkOrderStatus(order acme.Order) (bool, error) {
 }
 }
-// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.4
+// https://tools.ietf.org/html/rfc8555#section-7.1.4
 // The domain name MUST be encoded
 // in the form in which it would appear in a certificate. That is, it
 // MUST be encoded according to the rules in Section 7 of [RFC5280].
diff --git a/challenge/challenges.go b/challenge/challenges.go
index 15dc8b34..f1cac006 100644
--- a/challenge/challenges.go
+++ b/challenge/challenges.go
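Review bot: The `ProblemDetails` doc comment in acme/errors.go (hunk `@@ -12,7 +12,7 @@`) still gives `#section-7.3.3` as its only ACME reference, a section number carried over unchanged from the draft. Section 7.3 is what acme/commons.go cites for the account object, while `SubProblem` in the next hunk cites 6.7.1, so the parent section 6.7 is presumably where the error document itself is specified. I would add `// - https://tools.ietf.org/html/rfc8555#section-6.7` to the list, and keep the 7.3.3 link only if it is meant to document one specific field. The struct body continues outside the hunk, so the field-level comments could not be checked.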
@@ -10,15 +10,15 @@ import (
 type Type string
 const (
- // HTTP01 is the "http-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.3
+ // HTTP01 is the "http-01" ACME challenge https://tools.ietf.org/html/rfc8555#section-8.3
 // Note: ChallengePath returns the URL path to fulfill this challenge
 HTTP01 = Type("http-01")
- // DNS01 is the "dns-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.4
+ // DNS01 is the "dns-01" ACME challenge https://tools.ietf.org/html/rfc8555#section-8.4
 // Note: GetRecord returns a DNS record which will fulfill this challenge
 DNS01 = Type("dns-01")
- // TLSALPN01 is the "tls-alpn-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05
+ // TLSALPN01 is the "tls-alpn-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07
 TLSALPN01 = Type("tls-alpn-01")
 )
diff --git a/challenge/tlsalpn01/tls_alpn_challenge.go b/challenge/tlsalpn01/tls_alpn_challenge.go
index aca8706c..6e33911f 100644
--- a/challenge/tlsalpn01/tls_alpn_challenge.go
+++ b/challenge/tlsalpn01/tls_alpn_challenge.go
@@ -16,7 +16,7 @@ import (
 )
 // idPeAcmeIdentifierV1 is the SMI Security for PKIX Certification Extension OID referencing the ACME extension.
-// Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05#section-5.1
+// Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07#section-6.1
 var idPeAcmeIdentifierV1 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}
 type ValidateFunc func(core *api.Core, domain string, chlng acme.Challenge) error
@@ -83,7 +83,7 @@ func ChallengeBlocks(domain, keyAuth string) ([]byte, []byte, error) {
 // Add the keyAuth digest as the acmeValidation-v1 extension
 // (marked as critical such that it won't be used by non-ACME software).
- // Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05#section-3
+ // Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07#section-3
 extensions := []pkix.Extension{
 {
 Id: idPeAcmeIdentifierV1,
diff --git a/challenge/tlsalpn01/tls_alpn_challenge_server.go b/challenge/tlsalpn01/tls_alpn_challenge_server.go
index 85d0d546..d6c49b57 100644
--- a/challenge/tlsalpn01/tls_alpn_challenge_server.go
+++ b/challenge/tlsalpn01/tls_alpn_challenge_server.go
@@ -60,7 +60,7 @@ func (s *ProviderServer) Present(domain, token, keyAuth string) error {
 // We must set that the `acme-tls/1` application level protocol is supported
 // so that the protocol negotiation can succeed. Reference:
- // https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01#section-5.2
+ // https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07#section-6.2
 tlsConf.NextProtos = []string{ACMETLS1Protocol}
 // Create the listener with the created tls.Config.