x/crypto/acme/autocert: ToS prompt check for ToS-less ACME servers #64881

benburkert · 2023-12-27T19:12:09Z

Go version

go version go1.21.4 darwin/arm64

What operating system and processor architecture are you using (`go env`)?

GO111MODULE=''
GOARCH='arm64'
GOBIN=''
GOCACHE='/Users/benburkert/Library/Caches/go-build'
GOENV='/Users/benburkert/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='arm64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/benburkert/.asdf/installs/golang/1.21.4/packages/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='darwin'
GOPATH='/Users/benburkert/.asdf/installs/golang/1.21.4/packages'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/Users/benburkert/.asdf/installs/golang/1.21.4/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/Users/benburkert/.asdf/installs/golang/1.21.4/go/pkg/tool/darwin_arm64'
GOVCS=''
GOVERSION='go1.21.4'
GCCGO='gccgo'
AR='ar'
CC='clang'
CXX='clang++'
CGO_ENABLED='1'
GOMOD='/Users/benburkert/src/golang.org/x/crypto/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/yw/d_dr0rn16ks575_14_fppcfw0000gn/T/go-build1407559308=/tmp/go-build -gno-record-gcc-switches -fno-common'

What did you do?

Use (x/crypto/acme/autocert).Manager without initializing the Prompt field to request a certificate from an ACME provider (https://zerossl.com/ for example) that doesn't require the optional termsOfServiceAgreed portion of newAccount requests:

&autocert.Manager{
	HostPolicy: autocert.HostWhitelist("example-domain.test"),

	Client: &acme.Client{
		DirectoryURL: "https://acme.zerossl.com/v2/DV90",
	},

	ExternalAccountBinding: &acme.ExternalAccountBinding{
		KID: eabKID,
		Key: eabKey,
	},
}

What did you expect to see?

A valid certificate via the autocert.Manager. The Manager.Client.DirectoryURL is explicitly being set so the check for nil Prompt field does not seem necessary.

What did you see instead?

An error message log: http: TLS handshake error from <redacted>: acme/autocert: Manager.Prompt not set

The text was updated successfully, but these errors were encountered:

seankhliao · 2023-12-27T19:20:54Z

Note the field comment:

To always accept the terms, the callers can use AcceptTOS.

cc @golang/security

benburkert · 2023-12-27T19:42:28Z

Yes, and even setting Prompt to func(string) { return false } works for this ACME provider, since they do account provisioning beforehand. It seems quirky to require the Prompt field when the part of the RFC that it maps to is marked as optional. Changing this m.Prompt == nil to a m.Prompt == nil && (m.Client == nil || m.Client.DirectoryURL == "") would keep the check for the default provider (Let's Encrypt requires it) and drop it for a custom provider.

gopherbot added this to the Unreleased milestone Dec 27, 2023

dmitshur added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jan 9, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/crypto/acme/autocert: ToS prompt check for ToS-less ACME servers #64881

x/crypto/acme/autocert: ToS prompt check for ToS-less ACME servers #64881

benburkert commented Dec 27, 2023

seankhliao commented Dec 27, 2023

benburkert commented Dec 27, 2023

x/crypto/acme/autocert: ToS prompt check for ToS-less ACME servers #64881

x/crypto/acme/autocert: ToS prompt check for ToS-less ACME servers #64881

Comments

benburkert commented Dec 27, 2023

Go version

What operating system and processor architecture are you using (go env)?

What did you do?

What did you expect to see?

What did you see instead?

seankhliao commented Dec 27, 2023

benburkert commented Dec 27, 2023

What operating system and processor architecture are you using (`go env`)?