public inbox for pbs-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: "Max R. Carrara" <m.carrara@proxmox.com>
To: "Proxmox Backup Server development discussion"
	<pbs-devel@lists.proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox{-backup, } v4 0/8] fix #6939: acme: support servers returning 204 for nonce requests
Date: Tue, 09 Dec 2025 17:50:39 +0100	[thread overview]
Message-ID: <DETUA6ZP3M6X.2S90QXW3EYJXU@proxmox.com> (raw)
In-Reply-To: <20251203102217.59923-1-s.rufinatscha@proxmox.com>

On Wed Dec 3, 2025 at 11:22 AM CET, Samuel Rufinatscha wrote:
> Hi,
>
> this series fixes account registration for ACME providers that return
> HTTP 204 No Content to the newNonce request. Currently, both the PBS
> ACME client and the shared ACME client in proxmox-acme only accept
> HTTP 200 OK for this request. The issue was observed in PBS against a
> custom ACME deployment and reported as bug #6939 [1].
>
> [...]

Testing
-------

Tested this on my local PBS development instance with the DNS-01
challenge using one of my domains on OVH and Let's Encrypt Staging.

The cert was ordered without any problems. Everything worked just as
before.

Comments Regarding the Changes Made
-----------------------------------

Overall, looks pretty good! I only found a few minor things, see my
comments inline. 

What I would recommend overall is to make the changes in `proxmox`
first, and then use the new `async fn` you introduced in patch #4
(proxmox) in `proxmox-backup` instead of doing things the other way
around. That way you could perhaps use the function you introduced,
since I'm assuming you added it for good reason.

Conclusion
----------

LGTM—needs a teeny tiny bit more polish (see comments inline), but
otherwise works great already! :D Good to see a lot of redundant code
being removed.

The few things I mentioned inline aren't *strict* blockers IMO and can
maybe be addressed in a couple follow-up patches, if this gets merged as
is. Otherwise, should you release a v5 of this series, I'll do another
review.

Anyhow, should the maintainer decide to merge this series, please
consider:

Reviewed-by: Max R. Carrara <m.carrara@proxmox.com>
Tested-by: Max R. Carrara <m.carrara@proxmox.com>

>
> proxmox-backup:
>
> Samuel Rufinatscha (4):
>   acme: include proxmox-acme-api dependency
>   acme: drop local AcmeClient
>   acme: change API impls to use proxmox-acme-api handlers
>   acme: certificate ordering through proxmox-acme-api
>
>  Cargo.toml                             |   3 +
>  src/acme/client.rs                     | 691 -------------------------
>  src/acme/mod.rs                        |   5 -
>  src/acme/plugin.rs                     | 336 ------------
>  src/api2/config/acme.rs                | 407 ++-------------
>  src/api2/node/certificates.rs          | 240 ++-------
>  src/api2/types/acme.rs                 |  98 ----
>  src/api2/types/mod.rs                  |   3 -
>  src/bin/proxmox-backup-api.rs          |   2 +
>  src/bin/proxmox-backup-manager.rs      |   2 +
>  src/bin/proxmox-backup-proxy.rs        |   1 +
>  src/bin/proxmox_backup_manager/acme.rs |  21 +-
>  src/config/acme/mod.rs                 |  51 +-
>  src/config/acme/plugin.rs              |  99 +---
>  src/config/node.rs                     |  29 +-
>  src/lib.rs                             |   2 -
>  16 files changed, 103 insertions(+), 1887 deletions(-)
>  delete mode 100644 src/acme/client.rs
>  delete mode 100644 src/acme/mod.rs
>  delete mode 100644 src/acme/plugin.rs
>  delete mode 100644 src/api2/types/acme.rs
>
>
> proxmox:
>
> Samuel Rufinatscha (4):
>   acme-api: add helper to load client for an account
>   acme: reduce visibility of Request type
>   acme: introduce http_status module
>   fix #6939: acme: support servers returning 204 for nonce requests
>
>  proxmox-acme-api/src/account_api_impl.rs |  5 +++++
>  proxmox-acme-api/src/lib.rs              |  3 ++-
>  proxmox-acme/src/account.rs              | 27 +++++++++++++-----------
>  proxmox-acme/src/async_client.rs         |  8 +++----
>  proxmox-acme/src/authorization.rs        |  2 +-
>  proxmox-acme/src/client.rs               |  8 +++----
>  proxmox-acme/src/lib.rs                  |  6 ++----
>  proxmox-acme/src/order.rs                |  2 +-
>  proxmox-acme/src/request.rs              | 25 +++++++++++++++-------
>  9 files changed, 51 insertions(+), 35 deletions(-)
>
>
> Summary over all repositories:
>   25 files changed, 154 insertions(+), 1922 deletions(-)



_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel

  parent reply	other threads:[~2025-12-09 16:50 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-12-03 10:22 Samuel Rufinatscha
2025-12-03 10:22 ` [pbs-devel] [PATCH proxmox-backup v4 1/4] acme: include proxmox-acme-api dependency Samuel Rufinatscha
2025-12-03 10:22 ` [pbs-devel] [PATCH proxmox-backup v4 2/4] acme: drop local AcmeClient Samuel Rufinatscha
2025-12-09 16:50   ` Max R. Carrara
2025-12-03 10:22 ` [pbs-devel] [PATCH proxmox-backup v4 3/4] acme: change API impls to use proxmox-acme-api handlers Samuel Rufinatscha
2025-12-09 16:50   ` Max R. Carrara
2025-12-03 10:22 ` [pbs-devel] [PATCH proxmox-backup v4 4/4] acme: certificate ordering through proxmox-acme-api Samuel Rufinatscha
2025-12-09 16:50   ` Max R. Carrara
2025-12-03 10:22 ` [pbs-devel] [PATCH proxmox v4 1/4] acme-api: add helper to load client for an account Samuel Rufinatscha
2025-12-09 16:51   ` Max R. Carrara
2025-12-10 10:08     ` Samuel Rufinatscha
2025-12-03 10:22 ` [pbs-devel] [PATCH proxmox v4 2/4] acme: reduce visibility of Request type Samuel Rufinatscha
2025-12-09 16:51   ` Max R. Carrara
2025-12-03 10:22 ` [pbs-devel] [PATCH proxmox v4 3/4] acme: introduce http_status module Samuel Rufinatscha
2025-12-03 10:22 ` [pbs-devel] [PATCH proxmox v4 4/4] fix #6939: acme: support servers returning 204 for nonce requests Samuel Rufinatscha
2025-12-09 16:50 ` Max R. Carrara [this message]
2025-12-10  9:44   ` [pbs-devel] [PATCH proxmox{-backup, } v4 0/8] " Samuel Rufinatscha

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DETUA6ZP3M6X.2S90QXW3EYJXU@proxmox.com \
    --to=m.carrara@proxmox.com \
    --cc=pbs-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal