From: Stuart Henderson
Subject: acme-client: print account uri with -v
To: tech
Date: Mon, 7 Oct 2024 14:41:08 +0100

Extracted from an avalanche of emails in a huge thread on another list ;) this teaches acme-client -v to print the account uri as returned by the ACME server (https://datatracker.ietf.org/doc/html/rfc8555#section-7.3 - it's in the Location header). This is useful if you want to add CAA records that restrict issuance to a specific user account rather than just a specific CA, for example: CAA 0 issue "letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/1234567890" It's not super pretty, but this isn't something anyone will run often, just once manually when adding the CAA record. OK?

Index: netproc.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/netproc.c,v
diff -u -p -r1.35 netproc.c
--- netproc.c 28 Apr 2024 10:09:25 -0000 1.35
+++ netproc.c 7 Oct 2024 13:32:22 -0000
@@ -359,7 +359,7 @@ donewacc(struct conn *c, const struct ca
 {
 struct jsmnn *j = NULL;
 int rc = 0;
- char *req, *detail, *error = NULL;
+ char *req, *detail, *error = NULL, *accturi = NULL;
 long lc;
 
 if ((req = json_fmt_newacc(contact)) == NULL)
@@ -384,6 +384,14 @@ donewacc(struct conn *c, const struct ca
 else
 rc = 1;
 
+ if (c->kid != NULL) {
+ if (stravis(&accturi, c->kid, VIS_SAFE) != -1)
+ warn("%s", accturi);
+ else
+ dodbg("account key: %s", accturi);
+ free(accturi);
+ }
+
 if (rc == 0 || verbose > 1)
 buf_dump(&c->buf);
 free(req);
@@ -399,7 +407,7 @@ static int
 dochkacc(struct conn *c, const struct capaths *p, const char *contact)
 {
 int rc = 0;
- char *req;
+ char *req, *accturi = NULL;
 long lc;
 
 if ((req = json_fmt_chkacc()) == NULL)
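Review bot: In the block added to donewacc (`@@ -384,6 +384,14 @@`) the two branches of the `stravis()` check look swapped: a successful call (`!= -1`) sends the escaped URI to `warn()`, which also appends the current errno text, while a failed call hands `accturi` to `dodbg()` although it still holds the NULL it was initialized with, unless stravis() sets it on failure. Testing for failure would fix both, `if (stravis(&accturi, c->kid, VIS_SAFE) == -1)` followed by `warn("stravis");`, leaving `dodbg()` in the else branch. The dochkacc hunk (`@@ -417,6 +425,13 @@`) repeats the same block and needs the same change. Keeping the `VIS_SAFE` encoding matters because `c->kid` is taken from the server's Location header and ends up on the terminal. donewacc's body starts and ends outside this hunk.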
@@ -417,6 +425,13 @@ dochkacc(struct conn *c, const struct ca
 
 if (c->kid == NULL)
 rc = 0;
+ else {
+ if (stravis(&accturi, c->kid, VIS_SAFE) != -1)
+ warn("%s", accturi);
+ else
+ dodbg("account key: %s", accturi);
+ free(accturi);
+ }
 
 if (rc == 0 || verbose > 1)
 buf_dump(&c->buf);
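Review bot: The message text `account key: %s` in the added else branch labels the value as a key, but what is printed is the account URL held in `c->kid`, the value the description says goes into the CAA `accounturi` parameter. `dodbg("account uri: %s", accturi);` would match the commit subject and keep a reader from taking the output for key material. dochkacc's body starts before this hunk and continues after it.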