From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
	Folke Gleumes <f.gleumes@proxmox.com>
Subject: [pve-devel] applied: [PATCH acme v3 0/5] fix #4497: add support for external account bindings
Date: Mon, 13 Nov 2023 12:26:22 +0100
Message-ID: <8e7afe15-f1f9-4c1e-bdd5-99ad975466a1@proxmox.com>
In-Reply-To: <20231031090514.23629-1-f.gleumes@proxmox.com>

On 31/10/2023 at 10:05, Folke Gleumes wrote:
> Changes since v2:
>  * reverted the new_account abi to be non breaking
> 
> Changes since v1:
>  * fixed nits
>  * expanded meta endpoint by all return values defined in the rfc
>  * expanded new_account signature by field for eab credentials
>  * allow for eab even if not required
> 
> This patch series adds functionality to use acme directories
> that require the use of external account binding, as specified
> in rfc 8555 section 7.3.4.
> 
> To avoid code duplication and redundant calls to the CA,
> the `/cluster/acme/tos` endpoint has been deprecated and
> its function will be covered by the new `/cluster/acme/meta`
> endpoint, which exposes all meta information provided by the CA,
> including the flag indicating that EAB needs to be used.
> The underlying call to the CA remains the same.
> 
> The CLI interface will only ask for the EAB credentials if needed,
> similar to how it works for the ToS.
> 
> The patches have been tested to work with and without EAB
> by using pebble [0] as the CA.
> 
> [0] https://github.com/letsencrypt/pebble
> 
> 
> acme: Folke Gleumes (1):
>   fix #4497: add support for external account bindings
> 
>  src/PVE/ACME.pm | 48 ++++++++++++++++++++++++++++++++++++++++++------
>  1 file changed, 42 insertions(+), 6 deletions(-)
> 
> 
> manager: Folke Gleumes (4):
>   fix #4497: acme: add support for external account bindings
>   api/acme: deprecate tos endpoint in favor of meta
>   fix #4497: cli/acme: detect eab and ask for credentials
>   ui/acme: switch to new meta endpoint
> 
>  PVE/API2/ACMEAccount.pm   | 83 ++++++++++++++++++++++++++++++++++++++-
>  PVE/CLI/pvenode.pm        | 26 +++++++++++-
>  www/manager6/node/ACME.js | 12 ++++--
>  3 files changed, 113 insertions(+), 8 deletions(-)
> 


applied series with Fabian's R-b and T-b trailers, thanks!

But I commented w.r.t. return schema on patch 3/5, please check that out.

And for some commits I'd have slightly favored splitting the rework and the
addition of the new feature into two separate commits, like the proxmox-acme
one, but no biggie.
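
The external account binding the cover letter refers to (RFC 8555 section 7.3.4), as an added Python example that is not part of this patch series or of PVE::ACME: it reads the `externalAccountRequired` flag from the directory meta and builds and checks the HMAC-signed inner JWS that goes into the newAccount request. The function names, the `ca.example` URLs and the key material are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def eab_required(directory: dict) -> bool:
    """True if the CA's directory meta demands an external account binding."""
    return bool(directory.get("meta", {}).get("externalAccountRequired", False))

def build_eab(account_jwk: dict, kid: str, hmac_key_b64: str, new_account_url: str) -> dict:
    """Inner JWS for the newAccount 'externalAccountBinding' field."""
    # Protected header: MAC alg, CA-issued key id, same URL as the outer JWS, no nonce.
    protected = b64url(json.dumps(
        {"alg": "HS256", "kid": kid, "url": new_account_url},
        separators=(",", ":")).encode())
    # The payload is the ACME account's public key, which the MAC ties to the CA-side account.
    payload = b64url(json.dumps(account_jwk, separators=(",", ":"), sort_keys=True).encode())
    mac = hmac.new(b64url_decode(hmac_key_b64), f"{protected}.{payload}".encode(), hashlib.sha256)
    return {"protected": protected, "payload": payload, "signature": b64url(mac.digest())}

def verify_eab(eab: dict, hmac_key_b64: str, expected_url: str, account_jwk: dict) -> bool:
    """CA-side checks: MAC valid, url matches, no nonce, payload equals the account key."""
    signing_input = f"{eab['protected']}.{eab['payload']}".encode()
    expected = hmac.new(b64url_decode(hmac_key_b64), signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(eab["signature"])):
        return False
    header = json.loads(b64url_decode(eab["protected"]))
    if header.get("url") != expected_url or "nonce" in header:
        return False
    return json.loads(b64url_decode(eab["payload"])) == account_jwk

# Constructed sample values, not real credentials or a real CA.
DIRECTORY = {"newAccount": "https://ca.example/acme/new-acct",
             "meta": {"termsOfService": "https://ca.example/tos",
                      "externalAccountRequired": True}}
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
KID = "constructed-kid-1"
HMAC_KEY = b64url(b"constructed-demo-mac-key-32bytes")

if __name__ == "__main__":
    if eab_required(DIRECTORY):
        eab = build_eab(ACCOUNT_JWK, KID, HMAC_KEY, DIRECTORY["newAccount"])
        print(json.dumps(eab, indent=2))
```

The MAC key is a long-lived shared secret between the CA and the account holder, so it belongs in the same protected storage as the ACME account key.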




Thread overview: 9+ messages
2023-10-31  9:05 [pve-devel] " Folke Gleumes
2023-10-31  9:05 ` [pve-devel] [PATCH acme v3 1/5] " Folke Gleumes
2023-10-31  9:05 ` [pve-devel] [PATCH manager v3 2/5] fix #4497: acme: " Folke Gleumes
2023-10-31  9:05 ` [pve-devel] [PATCH manager v3 3/5] api/acme: deprecate tos endpoint in favor of meta Folke Gleumes
2023-11-13 11:24   ` Thomas Lamprecht
2023-10-31  9:05 ` [pve-devel] [PATCH manager v3 4/5] fix #4497: cli/acme: detect eab and ask for credentials Folke Gleumes
2023-10-31  9:05 ` [pve-devel] [PATCH manager v3 5/5] ui/acme: switch to new meta endpoint Folke Gleumes
2023-11-10 11:18 ` [pve-devel] [PATCH acme v3 0/5] fix #4497: add support for external account bindings Fabian Grünbichler
2023-11-13 11:26 ` Thomas Lamprecht [this message]
