Update ACME RFC links from draft to RFC8555. (#1004)

acme/api/api.go

@@ -71,7 +71,7 @@ func (a *Core) post(uri string, reqBody, response interface{}) (*http.Response,
 }
 
 // postAsGet performs an HTTP POST ("POST-as-GET") request.
-// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-6.3
+// https://tools.ietf.org/html/rfc8555#section-6.3
 func (a *Core) postAsGet(uri string, response interface{}) (*http.Response, error) {
 	return a.retrievablePost(uri, []byte{}, response)
 }

acme/api/certificate.go

@@ -71,7 +71,7 @@ func (c *CertificateService) get(certURL string) ([]byte, string, error) {
 
 	// The issuer certificate link may be supplied via an "up" link
 	// in the response headers of a new certificate.
-	// See https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.4.2
+	// See https://tools.ietf.org/html/rfc8555#section-7.4.2
 	up := getLink(resp.Header, "up")
 
 	return cert, up, err

acme/commons.go

@@ -1,5 +1,5 @@
 // Package acme contains all objects related the ACME endpoints.
-// https://tools.ietf.org/html/draft-ietf-acme-acme-16
+// https://tools.ietf.org/html/rfc8555
 package acme
 
 import (
@@ -8,7 +8,7 @@ import (
 )
 
 // Challenge statuses
-// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.6
+// https://tools.ietf.org/html/rfc8555#section-7.1.6
 const (
 	StatusPending     = "pending"
 	StatusInvalid     = "invalid"
@@ -20,7 +20,7 @@ const (
 )
 
 // Directory the ACME directory object.
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.1
+// - https://tools.ietf.org/html/rfc8555#section-7.1.1
 type Directory struct {
 	NewNonceURL   string `json:"newNonce"`
 	NewAccountURL string `json:"newAccount"`
@@ -32,7 +32,7 @@ type Directory struct {
 }
 
 // Meta the ACME meta object (related to Directory).
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.1
+// - https://tools.ietf.org/html/rfc8555#section-7.1.1
 type Meta struct {
 	// termsOfService (optional, string):
 	// A URL identifying the current terms of service.
@@ -65,8 +65,8 @@ type ExtendedAccount struct {
 }
 
 // Account the ACME account Object.
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.2
+// - https://tools.ietf.org/html/rfc8555#section-7.1.2
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.3
+// - https://tools.ietf.org/html/rfc8555#section-7.3
 type Account struct {
 	// status (required, string):
 	// The status of this account.
@@ -111,7 +111,7 @@ type ExtendedOrder struct {
 }
 
 // Order the ACME order Object.
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.3
+// - https://tools.ietf.org/html/rfc8555#section-7.1.3
 type Order struct {
 	// status (required, string):
 	// The status of this order.
@@ -164,7 +164,7 @@ type Order struct {
 }
 
 // Authorization the ACME authorization object.
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.4
+// - https://tools.ietf.org/html/rfc8555#section-7.1.4
 type Authorization struct {
 	// status (required, string):
 	// The status of this authorization.
@@ -206,8 +206,8 @@ type ExtendedChallenge struct {
 }
 
 // Challenge the ACME challenge object.
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.5
+// - https://tools.ietf.org/html/rfc8555#section-7.1.5
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8
+// - https://tools.ietf.org/html/rfc8555#section-8
 type Challenge struct {
 	// type (required, string):
 	// The type of challenge encoded in the object.
@@ -240,23 +240,23 @@ type Challenge struct {
 	// It MUST NOT contain any characters outside the base64url alphabet,
 	// and MUST NOT include base64 padding characters ("=").
 	// See [RFC4086] for additional information on randomness requirements.
-	// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.3
+	// https://tools.ietf.org/html/rfc8555#section-8.3
-	// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.4
+	// https://tools.ietf.org/html/rfc8555#section-8.4
 	Token string `json:"token"`
 
-	// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.1
+	// https://tools.ietf.org/html/rfc8555#section-8.1
 	KeyAuthorization string `json:"keyAuthorization"`
 }
 
 // Identifier the ACME identifier object.
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-9.7.7
+// - https://tools.ietf.org/html/rfc8555#section-9.7.7
 type Identifier struct {
 	Type  string `json:"type"`
 	Value string `json:"value"`
 }
 
 // CSRMessage Certificate Signing Request
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.4
+// - https://tools.ietf.org/html/rfc8555#section-7.4
 type CSRMessage struct {
 	// csr (required, string):
 	// A CSR encoding the parameters for the certificate being requested [RFC2986].
@@ -266,7 +266,7 @@ type CSRMessage struct {
 }
 
 // RevokeCertMessage a certificate revocation message
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.6
+// - https://tools.ietf.org/html/rfc8555#section-7.6
 // - https://tools.ietf.org/html/rfc5280#section-5.3.1
 type RevokeCertMessage struct {
 	// certificate (required, string):

acme/errors.go

@@ -12,7 +12,7 @@ const (
 
 // ProblemDetails the problem details object
 // - https://tools.ietf.org/html/rfc7807#section-3.1
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.3.3
+// - https://tools.ietf.org/html/rfc8555#section-7.3.3
 type ProblemDetails struct {
 	Type        string       `json:"type,omitempty"`
 	Detail      string       `json:"detail,omitempty"`
@@ -26,7 +26,7 @@ type ProblemDetails struct {
 }
 
 // SubProblem a "subproblems"
-// - https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-6.7.1
+// - https://tools.ietf.org/html/rfc8555#section-6.7.1
 type SubProblem struct {
 	Type       string     `json:"type,omitempty"`
 	Detail     string     `json:"detail,omitempty"`

certificate/certificates.go

@@ -210,8 +210,8 @@ func (c *Certifier) getForOrder(domains []string, order acme.ExtendedOrder, bund
 	// Determine certificate name(s) based on the authorization resources
 	commonName := domains[0]
 
-	// ACME draft Section 7.4 "Applying for Certificate Issuance"
+	// RFC8555 Section 7.4 "Applying for Certificate Issuance"
-	// https://tools.ietf.org/html/draft-ietf-acme-acme-12#section-7.4
+	// https://tools.ietf.org/html/rfc8555#section-7.4
 	// says:
 	//   Clients SHOULD NOT make any assumptions about the sort order of
 	//   "identifiers" or "authorizations" elements in the returned order
@@ -502,7 +502,7 @@ func checkOrderStatus(order acme.Order) (bool, error) {
 	}
 }
 
-// https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-7.1.4
+// https://tools.ietf.org/html/rfc8555#section-7.1.4
 // The domain name MUST be encoded
 //   in the form in which it would appear in a certificate.  That is, it
 //   MUST be encoded according to the rules in Section 7 of [RFC5280].

challenge/challenges.go

@@ -10,15 +10,15 @@ import (
 type Type string
 
 const (
-	// HTTP01 is the "http-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.3
+	// HTTP01 is the "http-01" ACME challenge https://tools.ietf.org/html/rfc8555#section-8.3
 	// Note: ChallengePath returns the URL path to fulfill this challenge
 	HTTP01 = Type("http-01")
 
-	// DNS01 is the "dns-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-acme-16#section-8.4
+	// DNS01 is the "dns-01" ACME challenge https://tools.ietf.org/html/rfc8555#section-8.4
 	// Note: GetRecord returns a DNS record which will fulfill this challenge
 	DNS01 = Type("dns-01")
 
-	// TLSALPN01 is the "tls-alpn-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05
+	// TLSALPN01 is the "tls-alpn-01" ACME challenge https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07
 	TLSALPN01 = Type("tls-alpn-01")
 )
 

challenge/tlsalpn01/tls_alpn_challenge.go

@@ -16,7 +16,7 @@ import (
 )
 
 // idPeAcmeIdentifierV1 is the SMI Security for PKIX Certification Extension OID referencing the ACME extension.
-// Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05#section-5.1
+// Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07#section-6.1
 var idPeAcmeIdentifierV1 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}
 
 type ValidateFunc func(core *api.Core, domain string, chlng acme.Challenge) error
@@ -83,7 +83,7 @@ func ChallengeBlocks(domain, keyAuth string) ([]byte, []byte, error) {
 
 	// Add the keyAuth digest as the acmeValidation-v1 extension
 	// (marked as critical such that it won't be used by non-ACME software).
-	// Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05#section-3
+	// Reference: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07#section-3
 	extensions := []pkix.Extension{
 		{
 			Id:       idPeAcmeIdentifierV1,

challenge/tlsalpn01/tls_alpn_challenge_server.go

@@ -60,7 +60,7 @@ func (s *ProviderServer) Present(domain, token, keyAuth string) error {
 
 	// We must set that the `acme-tls/1` application level protocol is supported
 	// so that the protocol negotiation can succeed. Reference:
-	// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01#section-5.2
+	// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-07#section-6.2
 	tlsConf.NextProtos = []string{ACMETLS1Protocol}
 
 	// Create the listener with the created tls.Config.