From: Manuel Federanko
To: pbs-devel@lists.proxmox.com, pdm-devel@lists.proxmox.com
Subject: [PATCH proxmox 2/7] acme: add retry-after header to renewal information.
Date: Thu, 25 Jun 2026 16:13:32 +0200
Message-ID: <20260625141337.181684-3-m.federanko@proxmox.com>
In-Reply-To: <20260625141337.181684-1-m.federanko@proxmox.com>
References: <20260625141337.181684-1-m.federanko@proxmox.com>

This is not yet used but makes it easier to make the ARI workflow of the client smarter later.

Signed-off-by: Manuel Federanko

--- proxmox-acme/src/async_client.rs | 19 ++++++++++++++++++- proxmox-acme/src/renewal.rs | 3 +++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/proxmox-acme/src/async_client.rs b/proxmox-acme/src/async_client.rs index 6670bc24..c133a54e 100644 --- a/proxmox-acme/src/async_client.rs +++ b/proxmox-acme/src/async_client.rs 
@@ -360,7 +360,10 @@ impl AcmeClient { match Self::execute(&mut self.http_client, request, &mut self.nonce).await { Ok(response) => { let data: crate::renewal::RenewalInformationData = response.json()?; - Ok(Some(crate::renewal::RenewalInformation { data })) + Ok(Some(crate::renewal::RenewalInformation { + data, + retry_after: response.retry_after, + })) } Err(err) => Err(err.into()), } @@ -384,6 +387,7 @@ impl AcmeClient { struct AcmeResponse { body: Bytes, location: Option, + retry_after: Option, got_nonce: bool, } @@ -470,9 +474,22 @@ impl AcmeClient { }) .transpose()?; + let retry_after = parts + .headers + .get("Retry-After") + .map(|header| { + header.to_str().map(str::to_owned).map_err(|err| { + Error::Client(format!( + "received invalid retry-after header from ACME server: {err}" + )) + }) + }) + .transpose()?; + return Ok(AcmeResponse { body, location, + retry_after, got_nonce, }); } diff --git a/proxmox-acme/src/renewal.rs b/proxmox-acme/src/renewal.rs index eb4ff96a..6454affc 100644 --- a/proxmox-acme/src/renewal.rs +++ b/proxmox-acme/src/renewal.rs @@ -30,4 +30,7 @@ pub struct RenewalInformationData { pub struct RenewalInformation { /// the actual response of the acme server pub data: RenewalInformationData, + + /// when to check the renewal endpoint again + pub retry_after: Option, } -- 2.47.3
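
Review bot: In the `Retry-After` block added by the `@@ -470,9 +474,22 @@` hunk of async_client.rs, a value that fails `header.to_str()` is propagated through `.transpose()?` as `Error::Client`, so a malformed advisory header discards an otherwise valid response for anything built through this `AcmeResponse` path, not only the renewal-information call. Since the commit message says the value is not yet used, mapping an unreadable header to `None` (and logging it) would avoid turning a polling hint into a hard failure.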
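
Review bot: The doc comment on `retry_after` in the renewal.rs hunk says "when to check the renewal endpoint again" without stating the format, while the field carries the header text unparsed (`header.to_str().map(str::to_owned)` in async_client.rs) and HTTP allows `Retry-After` to be either a number of seconds or an HTTP-date. Either document which forms a consumer must handle or parse it into a typed value before it is stored. Because the value is controlled by the server, the later consumer should also clamp it to sane lower and upper bounds so that a very small or very large value can neither cause tight polling nor suppress renewal checks.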