RFC8555 section 7.3.1 compliance

Hello,

With my ACMEv2 client implementation  https://github.com/bruncsak/ght-acme.sh I got the following error when trying to retrieve the KID:

HTTP/1.1 400 Bad Request

{"type":"urn:ietf:params:acme:error:unsupportedContact","detail":"The contact is malformed. Supported schemes: [tel:, mailto:]","code":400,"message":"UNSUPPORTED_CONTACT","details":"HTTP 400 Bad Request"}

The section 7.3.1 of RFC8555 is rather precise that:

   The body of this response represents the account object as it existed on
   the server before this request; any fields in the request object MUST
   be ignored.

Your code is checking the body of the request, what is not supposed to be done. I already implemented a workaround in my client, but you may wish to fix that in the server code to avoid the same issue with a different ACME v2 client.

4replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Hi Attila

     

    Thanks for reporting this case. We have added it to the bug tracker.

     

    Regards,

    Andriy

    Like
      • Attila
      • bruat
      • 1 mth ago
      • Reported - view

      Hello Andriy Mahats 

      Thanks for adding it to the bug tracker.

      There is some other issue.

      When the account is not authorized to revoke a certificate, your ACME server returns 401 HTTP error code. In the example of the RFC (section 7.6) the error code is 403.

       

      Best,

      Attila

      Like
    • Hi Attila 

       

      Sorry for late reply.

      Thanks for reporting. We plan to fix it.

       However ETA of the fix is currently unknown.

       

      Regards,

      Andriy

      Like
      • Attila
      • bruat
      • 10 days ago
      • Reported - view

      Andriy Mahats 

      Thank you very much for the follow-up.

      Best,

      Attila

      Like
Like Follow
  • 10 days agoLast active
  • 4Replies
  • 58Views
  • 2 Following

Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.