
Provide custom template error message to ACME clients

Open F13 opened this issue 4 years ago • 2 comments

Custom template errors from fail don't get passed back to ACME clients. For example:

{{- if typeIs "*rsa.PublicKey" .Insecure.CR.PublicKey }}
        {{ fail "No RSA keys please :)" }}
{{- end }}

yields

{"type":"urn:ietf:params:acme:error:serverInternal","detail":"The server experienced an internal error"}

using acme.sh.

This would be great to inform clients why their certificate was rejected if there was some custom logic to do so.

F13, Nov 11 '21 06:11

Hey @F13 thanks for opening the issue. Error propagation is definitely a deficiency.

@maraino you mentioned you could point me to where templating errors are returned. If this is an easy / quick fix I could try to knock it out.

dopey, Nov 18 '21 03:11

@dopey It's here; as the error is wrapped, you will need to look at the base error: https://github.com/smallstep/certificates/blob/8d229b9a60a8e58c93e2479a7c9547ebeaf7d16f/authority/tls.go#L116-L121

maraino, Nov 18 '21 19:11
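An added sketch of the "look at the base error" approach from the last comment, using only Go's standard library; it is not step-ca code and was not posted in the thread. The `failError` type, the `fail`/`typeIs` stand-ins, the `check` and `problem` helpers, the sample keys and the choice of the RFC 8555 `badCSR` type are all assumptions made for illustration. Errors that do not originate from `fail` keep the generic `serverInternal` response, so internal details are not exposed to ACME clients.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/rsa"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"text/template"
)

// failError marks an error raised on purpose by the template author via fail.
type failError struct{ msg string }
func (e *failError) Error() string { return e.msg }

// Stand-ins (assumed) for the sprig-style helpers the issue's template calls.
var funcs = template.FuncMap{
	"fail":   func(msg string) (string, error) { return "", &failError{msg} },
	"typeIs": func(t string, v interface{}) bool { return fmt.Sprintf("%T", v) == t },
}

// Constructed policy (modelled on the issue's snippet) and sample CSR keys.
const policy = `{{- if typeIs "*rsa.PublicKey" .Insecure.CR.PublicKey }}
	{{ fail "No RSA keys please :)" }}
{{- end }}`
var rsaKey, ecKey = &rsa.PublicKey{}, &ecdsa.PublicKey{}

// problem builds the ACME problem document; only fail messages reach the client.
func problem(err error) string {
	typ, detail := "serverInternal", "The server experienced an internal error"
	var fe *failError
	if errors.As(err, &fe) { // walks template.ExecError down to the base error
		typ, detail = "badCSR", fe.msg
	}
	d, _ := json.Marshal(detail) // JSON-escape the operator's message
	return fmt.Sprintf(`{"type":"urn:ietf:params:acme:error:%s","detail":%s}`, typ, d)
}

// check runs a template against a CSR public key; "" means it was accepted.
func check(text string, pub interface{}) string {
	data := map[string]interface{}{"Insecure": map[string]interface{}{"CR": map[string]interface{}{"PublicKey": pub}}}
	t := template.Must(template.New("policy").Funcs(funcs).Parse(text))
	if err := t.Execute(io.Discard, data); err != nil {
		return problem(err)
	}
	return ""
}

func main() { fmt.Println(check(policy, rsaKey), check(policy, ecKey) == "") }
```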