New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/crypto/acme: Rejected TOS results in inability to register #18379
Comments
This mostly affects autocert -- if you initially return false from prompt, then you have to kill the key even if you later return true. |
This is approximately the lowest priority bug. Don't expect things to work when you don't agree to the TOS. Actually, LetsEncrypt only has the TOS agreement in the protocol because it's a CA/B forum requirement to have a contractual relationship with their "customers". While we have the hook as a formality to respect the LetsEncrypt necessary legal formalities, you should just always return true. /cc @x1ddos |
I think this is actually WAI. The So, calling @taralx so what are you proposing, add a logic to Register and invoke UpdateReg under certain conditions and don't otherwise? I'm afraid that may lead to unexpected behavior and will certainly break some existing clients which rely on that same fact that Register returns "conflict" error if called with an existing key. This could be a feature request at best but not really sure it's worth it. Feels like very specific case and may cause more harm than good. Unless I'm missing something. |
I'm fine with switching this to autocert if it's WAI for acme, but it seems weird that you only get a free UpdateReg the first time you call Register, after which you get a conflict error and no UpdateReg. |
Opened #18433 for the autocert side. |
If that's the case, why does it call UpdateReg at all? This is the problem IMO -- the behavior w.r.t. UpdateReg is inconsistent. |
@taralx you're right. it should be consistent. I'll try to come up with a fix in the next days. |
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (
go version
)?1.6
What operating system and processor architecture are you using (
go env
)?amd64
What did you do?
Call acme.Register with a prompt that returns false, then again with a prompt that succeeds.
What did you expect to see?
Success
What did you see instead?
Register returns a conflict without calling UpdateReg.
The text was updated successfully, but these errors were encountered: