This fell through the cracks back in April.

We need to be able to provide contact information to use the
buypass.com acme api.

OK?

diff --git etc/examples/acme-client.conf etc/examples/acme-client.conf
index 32ecd8e8655..40d231725ac 100644
--- etc/examples/acme-client.conf
+++ etc/examples/acme-client.conf
@@ -11,6 +11,18 @@ authority letsencrypt-staging {
        account key "/etc/acme/letsencrypt-staging-privkey.pem"
 }
 
+authority buypass {
+    api url "https://api.buypass.com/acme/directory";
+    account key "/etc/acme/buypass-privkey.pem"
+    contact "mailto:[email protected]";
+}
+
+authority buypass-test {
+    api url "https://api.test4.buypass.no/acme/directory";
+    account key "/etc/acme/buypass-test-privkey.pem"
+    contact "mailto:[email protected]";
+}
+
 domain example.com {
        alternative names { secure.example.com }
        domain key "/etc/ssl/private/example.com.key"
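Review bot: The new `api url` and `contact` lines in both `authority buypass` and `authority buypass-test` end with `;`, while the `account key` lines next to them and in the existing letsencrypt-staging block have no terminator. The `CONTACT STRING` rule added in parse.y takes none either, so unless the lexer discards `;` (not visible here) the example would likely fail to parse. The lines should read `api url "https://api.buypass.com/acme/directory"` and `contact "mailto:<address>"` without the trailing semicolon. A comment such as `# contact is sent to the CA when the account is created` above the contact line would also tell users that the address is disclosed to the authority.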
diff --git usr.sbin/acme-client/acme-client.conf.5 usr.sbin/acme-client/acme-client.conf.5
index 08a47a76ab7..41994d13676 100644
--- usr.sbin/acme-client/acme-client.conf.5
+++ usr.sbin/acme-client/acme-client.conf.5
@@ -98,6 +98,11 @@ It defaults to
 Specify the
 .Ar url
 under which the ACME API is reachable.
+.It Ic contact Ar contact
+Optional
+.Ar contact
+URLs that the authority can use to contact the client for issues related to
+this account.
 .El
 .Sh DOMAINS
 The certificates to be obtained through ACME.
diff --git usr.sbin/acme-client/extern.h usr.sbin/acme-client/extern.h
index 364425b0500..ee341e0950f 100644
--- usr.sbin/acme-client/extern.h
+++ usr.sbin/acme-client/extern.h
@@ -263,7 +263,7 @@ char                *json_getstr(struct jsmnn *, const char *);
 
 char           *json_fmt_newcert(const char *);
 char           *json_fmt_chkacc(void);
-char           *json_fmt_newacc(void);
+char           *json_fmt_newacc(const char *);
 char           *json_fmt_neworder(const char *const *, size_t);
 char           *json_fmt_protected_rsa(const char *,
                        const char *, const char *, const char *);
diff --git usr.sbin/acme-client/json.c usr.sbin/acme-client/json.c
index a6762eeb258..9201f8d2fc3 100644
--- usr.sbin/acme-client/json.c
+++ usr.sbin/acme-client/json.c
@@ -618,14 +618,24 @@ json_fmt_chkacc(void)
  * Format the "newAccount" resource request.
  */
 char *
-json_fmt_newacc(void)
+json_fmt_newacc(const char *contact)
 {
        int      c;
-       char    *p;
+       char    *p, *cnt = NULL;
+
+       if (contact != NULL) {
+               c = asprintf(&cnt, "\"contact\": [ \"%s\" ], ", contact);
+               if (c == -1) {
+                       warn("asprintf");
+                       return NULL;
+               }
+       }
 
        c = asprintf(&p, "{"
+           "%s"
            "\"termsOfServiceAgreed\": true"
-           "}");
+           "}", cnt == NULL ? "" : cnt);
+       free(cnt);
        if (c == -1) {
                warn("asprintf");
                p = NULL;
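Review bot: `contact` is copied into the JSON body with a bare `%s` in the first `asprintf`, so a value containing `"` or `\` yields malformed JSON or extra members in the newAccount request that is later sent under the account key. The string comes from acme-client.conf, so this is a robustness issue rather than a remotely reachable one, but it is cheap to reject early: `if (strpbrk(contact, "\"\\") != NULL) { warnx("contact: invalid character"); return NULL; }` inside the `contact != NULL` branch. The equivalent `yyerror` in the `CONTACT STRING` action in parse.y would report it at configuration parse time instead. Control characters would need the same treatment for strictly valid JSON. The function body continues past the end of this hunk.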
diff --git usr.sbin/acme-client/netproc.c usr.sbin/acme-client/netproc.c
index 05e36897c38..4490450003e 100644
--- usr.sbin/acme-client/netproc.c
+++ usr.sbin/acme-client/netproc.c
@@ -369,14 +369,14 @@ sreq(struct conn *c, const char *addr, int kid, const char *req, char **loc)
  * Returns non-zero on success.
  */
 static int
-donewacc(struct conn *c, const struct capaths *p)
+donewacc(struct conn *c, const struct capaths *p, const char *contact)
 {
        struct jsmnn    *j = NULL;
        int              rc = 0;
        char            *req, *detail, *error = NULL;
        long             lc;
 
-       if ((req = json_fmt_newacc()) == NULL)
+       if ((req = json_fmt_newacc(contact)) == NULL)
                warnx("json_fmt_newacc");
        else if ((lc = sreq(c, p->newaccount, 0, req, &c->kid)) < 0)
                warnx("%s: bad comm", p->newaccount);
@@ -410,7 +410,7 @@ donewacc(struct conn *c, const struct capaths *p)
  * Returns non-zero on success.
  */
 static int
-dochkacc(struct conn *c, const struct capaths *p)
+dochkacc(struct conn *c, const struct capaths *p, const char *contact)
 {
        int              rc = 0;
        char            *req;
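Review bot: `dochkacc` only hands `contact` to `donewacc` on the `lc == 400` branch in the following hunk, and `json_fmt_chkacc(void)` is unchanged in extern.h, so adding or changing `contact` for an account that already exists at the CA appears to have no effect. That is worth stating in acme-client.conf.5, for example `The contact is only submitted when the account is first created.`, and in the comment above this function. Most of `dochkacc`'s body lies outside the hunks shown, so an account-update path may exist elsewhere.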
@@ -425,7 +425,7 @@ dochkacc(struct conn *c, const struct capaths *p)
        else if (c->buf.buf == NULL || c->buf.sz == 0)
                warnx("%s: empty response", p->newaccount);
        else if (lc == 400)
-               rc = donewacc(c, p);
+               rc = donewacc(c, p, contact);
        else
                rc = 1;
 
@@ -755,7 +755,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd,
        c.newnonce = paths.newnonce;
 
        /* Check if our account already exists or create it. */
-       if (!dochkacc(&c, &paths))
+       if (!dochkacc(&c, &paths, authority->contact))
                goto out;
 
        /*
diff --git usr.sbin/acme-client/parse.h usr.sbin/acme-client/parse.h
index 9de5a490f69..c928a9de7da 100644
--- usr.sbin/acme-client/parse.h
+++ usr.sbin/acme-client/parse.h
@@ -38,6 +38,7 @@ struct authority_c {
        char                            *api;
        char                            *account;
        enum keytype                     keytype;
+       char                            *contact;
 };
 
 struct domain_c {
diff --git usr.sbin/acme-client/parse.y usr.sbin/acme-client/parse.y
index 120f253a63f..c39b922f764 100644
--- usr.sbin/acme-client/parse.y
+++ usr.sbin/acme-client/parse.y
@@ -100,7 +100,7 @@ typedef struct {
 
 %}
 
-%token AUTHORITY URL API ACCOUNT
+%token AUTHORITY URL API ACCOUNT CONTACT
 %token DOMAIN ALTERNATIVE NAME NAMES CERT FULL CHAIN KEY SIGN WITH CHALLENGEDIR
 %token YES NO
 %token INCLUDE
@@ -230,6 +230,16 @@ authorityoptsl     : API URL STRING {
                        auth->account = s;
                        auth->keytype = $4;
                }
+               | CONTACT STRING {
+                       char *s;
+                       if (auth->contact != NULL) {
+                               yyerror("duplicate contact");
+                               YYERROR;
+                       }
+                       if ((s = strdup($2)) == NULL)
+                               err(EXIT_FAILURE, "strdup");
+                       auth->contact = s;
+               }
                ;
 
 domain         : DOMAIN STRING {
@@ -452,6 +462,7 @@ lookup(char *s)
                {"certificate",         CERT},
                {"chain",               CHAIN},
                {"challengedir",        CHALLENGEDIR},
+               {"contact",             CONTACT},
                {"domain",              DOMAIN},
                {"ecdsa",               ECDSA},
                {"full",                FULL},


-- 
I'm not entirely sure you are real.
