Perform keyauth hashing in AddDNSOneChallenge, add ACME prefix

Open cpu opened this issue 6 years ago • 1 comments

Presently the AddDNSOneChallenge function is quite simple and adds the provided content under the provided host:

https://github.com/letsencrypt/challtestsrv/blob/285efd6fac122954c72d2f32bf1f6e3f7c50ffb5/dnsone.go#L9-L15

That means callers have to add the _acme-challenge. prefix for RFC 8555 DNS-01 challenges to the host themselves. They're also responsible for hashing the key authorization for the content argument.

Since this is a function specifically for DNS-01 it should do more of this work automatically. This is an API breaking change and will need to bump the release accordingly.

cpu, Apr 04 '19 17:04

It would probably be worthwhile to take this as a chance to holistically review the whole API and make similar improvements for TLS-ALPN-01 and HTTP-01 as appropriate. I think there could also be some consistency changes made in naming.

cpu, Apr 04 '19 18:04
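The two steps the issue says callers currently perform themselves, prefixing the host and hashing the key authorization, are sketched below as an added example; it is not part of the issue or of challtestsrv. `dns01Record` is a hypothetical helper, the sample inputs are constructed, and returning a fully qualified name is an assumption of this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Label RFC 8555 section 8.4 prepends to the domain being validated.
const acmeChallengeLabel = "_acme-challenge."

// dns01Record is a hypothetical helper (not a challtestsrv function). Given the
// identifier's domain and the raw key authorization, it returns the TXT record
// name and value that an RFC 8555 DNS-01 validation looks up.
func dns01Record(domain, keyAuthorization string) (name, value string, err error) {
	// Normalise: DNS names are case-insensitive; drop any trailing root dot.
	d := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(domain)), ".")
	// Wildcard identifiers are validated at the base domain.
	d = strings.TrimPrefix(d, "*.")
	if d == "" {
		return "", "", errors.New("dns01Record: empty domain")
	}
	// Tolerate callers that already added the prefix, so it is never doubled.
	d = strings.TrimPrefix(d, acmeChallengeLabel)
	// TXT value: base64url, without padding, of SHA-256(key authorization).
	sum := sha256.Sum256([]byte(keyAuthorization))
	value = base64.RawURLEncoding.EncodeToString(sum[:])
	// Returning a fully qualified name is a choice made for this example.
	return acmeChallengeLabel + d + ".", value, nil
}

func main() {
	// Constructed sample input: a made-up token and thumbprint joined by ".".
	name, value, err := dns01Record("*.Example.com", "constructed-token.constructed-thumbprint")
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s TXT %q\n", name, value)
}
```

Storing the raw key authorization instead of its digest, or doubling the prefix, makes the lookup fail, which is the class of caller mistake the issue wants the API to absorb.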