Add ACME HTTP-01 Challenge #20141
Merged
Add ACME HTTP-01 Challenge #20141
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kitography
reviewed
Apr 13, 2023
| // too many validators waiting for slow hosts. | ||
| DialContext: (&net.Dialer{ | ||
| Timeout: 10 * time.Second, | ||
| KeepAlive: -1 * time.Second, |
There was a problem hiding this comment.
We've disabled keep alive above, what does setting this to be negative do?
There was a problem hiding this comment.
The first is a HTTP keepalive, this is the TCP keepalive:
// KeepAlive specifies the interval between keep-alive
// probes for an active network connection.
// If zero, keep-alive probes are sent with a default value
// (currently 15 seconds), if supported by the protocol and operating
// system. Network protocols or operating systems that do
// not support keep-alives ignore this field.
// If negative, keep-alive probes are disabled.
KeepAlive [time](https://pkg.go.dev/time).[Duration](https://pkg.go.dev/time#Duration)
| shouldFail bool | ||
| } | ||
|
|
||
| var keyAuthorizationTestCases = []keyAuthorizationTestCase{ |
cipherboy
force-pushed
the
cipherboy-start-acme-challenges
branch
from
03a699f
to
55cee2b
Compare
This will attempt to safely validate HTTP challenges, following a limited number of redirects and timing out after too much time has passed. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
cipherboy
force-pushed
the
cipherboy-start-acme-challenges
branch
from
55cee2b
to
d7bdf97
Compare
stevendpclark
approved these changes
Apr 17, 2023
|
Thanks @stevendpclark and @kitography! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds the initial challenge validation function for the HTTP-01 challenge, checking the remote server for the presence of the specified key authorization. We attempt to set some safety timeouts and buffers to avoid endlessly hanging the Vault server.