Hello,
Let's Encrypt announced it is "Enabling ACME CAA Account and Method
Binding"
https://community.letsencrypt.org/t/enabling-acme-caa-account-and-method-binding/189588
as of Dec 15th 2022. To make use of this, we add a CAA DNS record of the
form: example.com. IN CAA 0 issue "letsencrypt.org;
accounturi=ACCOUNT_URI_HERE". However, according to
https://letsencrypt.org/docs/account-id/, finding the account id
(account uri) is implementation specific.
Since there doesn't appear to be a prior need to expose the account id
to the user, acme-client(1) does not provide a way to retrieve it, nor
did I see it in the verbose output log (-vv). I've never submitted a
patch before, nor is C my primary language (go easy on me) -- but here
goes...
V/r,
--
Charlie
diff --git acme-client.1 acme-client.1
index 403e161dd8a..a327b030547 100644
--- acme-client.1
+++ acme-client.1
@@ -75,6 +75,8 @@ Specify an alternative configuration file.
No operation: check and print configuration.
.It Fl r
Revoke the X.509 certificate.
+.It Fl i
+Print account id.
.It Fl v
Verbose operation.
Specify twice to also trace communication and data transfers.
diff --git extern.h extern.h
index 4b43b6ef4ac..cb0b1896962 100644
--- extern.h
+++ extern.h
@@ -210,7 +210,7 @@ int fileproc(int, const char *, const char *,
const char *,
const char *);
int keyproc(int, const char *, const char **, size_t,
enum keytype);
-int netproc(int, int, int, int, int, int, int,
+int netproc(int, int, int, int, int, int, int, int,
struct authority_c *, const char *const *,
size_t);
diff --git main.c main.c
index bec17254297..b7f2846ef89 100644
--- main.c
+++ main.c
@@ -47,7 +47,7 @@ main(int argc, char *argv[])
int key_fds[2], acct_fds[2], chng_fds[2], cert_fds[2];
int file_fds[2], dns_fds[2], rvk_fds[2];
int force = 0;
- int c, rc, revocate = 0;
+ int c, rc, revocate, print_account_id = 0;
int popts = 0;
pid_t pids[COMP__MAX];
size_t i, altsz, ne;
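Review bot: The rewritten declaration `int c, rc, revocate, print_account_id = 0;` drops the initializer from `revocate`: in C the `= 0` binds only to `print_account_id`, so `revocate` is now an uninitialized automatic variable whenever `-r` is not given, and the later `netproc(..., revocate, print_account_id, ...)` call in main() reads an indeterminate value (undefined behaviour; in practice a run could take the revocation path by accident). Initialize both: `int c, rc, revocate = 0, print_account_id = 0;`. main() continues outside this hunk.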
@@ -60,7 +60,7 @@ main(int argc, char *argv[])
if (setlocale(LC_CTYPE, "C") == NULL)
errx(1, "setlocale");
- while ((c = getopt(argc, argv, "Fnrvf:")) != -1)
+ while ((c = getopt(argc, argv, "Fnrivf:")) != -1)
switch (c) {
case 'F':
force = 1;
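Review bot: The new `i` is inserted between `r` and `v` in the getopt string `"Fnrivf:"`, whereas the previous `"Fnrvf:"` was sorted, which is what style(9) asks for if this code follows OpenBSD conventions (options sorted in the getopt(3) call, the switch and the usage line, uppercase before lowercase). Keeping that convention gives `"Finrvf:"` here, `case 'i':` ahead of `case 'n':` in the switch (the @@ -75,6 +75,9 @@ hunk), `[-Finrv]` in the usage string (the @@ -380 hunk) and the `.It Fl i` entry in acme-client.1 between `Fl F` and `Fl n`. This is purely presentational; getopt(3) does not care about the order. The switch is cut off at both edges of this hunk.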
@@ -75,6 +75,9 @@ main(int argc, char *argv[])
case 'r':
revocate = 1;
break;
+ case 'i':
+ print_account_id = 1;
+ break;
case 'v':
verbose = verbose ? 2 : 1;
popts |= ACME_OPT_VERBOSE;
@@ -220,7 +223,7 @@ main(int argc, char *argv[])
c = netproc(key_fds[1], acct_fds[1],
chng_fds[1], cert_fds[1],
dns_fds[1], rvk_fds[1],
- revocate, authority,
+ revocate, print_account_id, authority,
(const char *const *)alts, altsz);
exit(c ? EXIT_SUCCESS : EXIT_FAILURE);
}
@@ -380,6 +383,6 @@ main(int argc, char *argv[])
return rc != COMP__MAX ? EXIT_FAILURE : (c == 2 ? EXIT_SUCCESS : 2);
usage:
fprintf(stderr,
- "usage: acme-client [-Fnrv] [-f configfile] handle\n");
+ "usage: acme-client [-Fnriv] [-f configfile] handle\n");
return EXIT_FAILURE;
}
diff --git netproc.c netproc.c
index cd1b8716ca7..c8a5cfa28c6 100644
--- netproc.c
+++ netproc.c
@@ -19,6 +19,7 @@
#include <ctype.h>
#include <err.h>
#include <errno.h>
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -673,7 +674,7 @@ dodirs(struct conn *c, const char *addr, struct capaths
*paths)
*/
int
netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd,
- int revocate, struct authority_c *authority,
+ int revocate, int print_account_id, struct authority_c *authority,
const char *const *alts, size_t altsz)
{
int rc = 0;
@@ -759,6 +760,11 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int
rfd,
if (!dochkacc(&c, &paths, authority->contact))
goto out;
+ /* Print account id. */
+ if (print_account_id) {
+ printf("%s\n", c.kid);
+ }
+
/*
* If we're meant to revoke, then wait for revokeproc to send us
* the certificate (if it's found at all).
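Review bot: The new print sits between dochkacc() and the revokeproc handshake, so `-i` does not stop here: after writing the account id the function continues into the normal renewal/revocation path, and a user who only wants the id still drives a full run. If `-i` is meant as a query, leave the function after printing (set `rc` to this function's success value and `goto out;` — its tail is outside the hunk) and say so in the man page; if it is meant as an extra line of output during a normal run, the man page entry should say that instead. `c.kid` is presumably filled in by dochkacc() and non-NULL once it returns true; that is worth confirming before handing it to `%s`. Style: the surrounding KNF code (`if (!dochkacc(...)) goto out;`) omits braces around a single-statement body, and the comment restates the code, so `/* Expose the account URL so it can be pinned in a CAA accounturi record. */` would explain why it is printed.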