Add ACME HTTP-01 Challenge #20141
Conversation
I think these are nits, but I'm a little confused over whitespace, etc...
```go
// too many validators waiting for slow hosts.
DialContext: (&net.Dialer{
	Timeout:   10 * time.Second,
	KeepAlive: -1 * time.Second,
```
We've disabled keep alive above, what does setting this to be negative do?
The first is an HTTP keepalive, this is the TCP keepalive:

```go
// KeepAlive specifies the interval between keep-alive
// probes for an active network connection.
// If zero, keep-alive probes are sent with a default value
// (currently 15 seconds), if supported by the protocol and operating
// system. Network protocols or operating systems that do
// not support keep-alives ignore this field.
// If negative, keep-alive probes are disabled.
KeepAlive time.Duration
```
```go
	shouldFail bool
}

var keyAuthorizationTestCases = []keyAuthorizationTestCase{
```
Awesome(!)
03a699f to 55cee2b
This will attempt to safely validate HTTP challenges, following a limited number of redirects and timing out after too much time has passed. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
55cee2b to d7bdf97
Thanks @stevendpclark and @kitography!
This adds the initial challenge validation function for the HTTP-01 challenge, checking the remote server for the presence of the specified key authorization. We attempt to set some safety timeouts and buffers to avoid endlessly hanging the Vault server.