On Fri, Mar 27, 2026 at 03:54:35PM +0100, William Lallemand wrote: > On Mon, Mar 09, 2026 at 07:39:43PM +0200, Mia Kanashi wrote: > > > > I'm thinking of this: https://github.com/kanashimia/haproxy/tree/polling-fix > > Can you take a quick look at the first commit there? Should be easy to read. > > > > Poll logic that used acme_res_challenge() will use acme_res_auth() instead. > > It makes the code of acme_res_auth() quite a bit more messy though, > > as auth response contains an array of challenges, so finding a correct one > > requires looping, but it is the correct logic. > > Since the Authorisation object contains the challenge objects, and we're only > using 1 challenge, so the status of the challenge and the one of the > authorization is really 1:1. > > Are you seeing cases were this is problematic or would optimize something? >
I just checked the RFC again, https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1 "Usually, the validation process will take some time, so the client will need to poll the authorization resource to see when it is finalized." Well, that's probably better then, if we could avoid URL recycling or things like that. -- William Lallemand
