From 4cd64cd06df0369396b9b4284d8ed3351fbe926e Mon Sep 17 00:00:00 2001
From: Joris Vink
Date: Fri, 25 Oct 2019 20:41:24 +0200
Subject: [PATCH] add error type and detail to authz error logs
---
 src/acme.c | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)
diff --git a/src/acme.c b/src/acme.c
index 65fbc31..91769c2 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -111,6 +111,8 @@ struct acme_challenge {
 char *url;
 char *type;
 char *token;
+ char *error_type;
+ char *error_detail;
 int (*process)(struct acme_order *, struct acme_challenge *);
 };
@@ -691,6 +693,8 @@ acme_order_remove(struct acme_order *order, const char *reason)
 while ((auth = LIST_FIRST(&order->auth)) != NULL) {
 LIST_REMOVE(auth, list);
+ kore_free(auth->challenge->error_detail);
+ kore_free(auth->challenge->error_type);
 kore_free(auth->challenge->token);
 kore_free(auth->challenge->type);
 kore_free(auth->challenge->url);
@@ -719,9 +723,9 @@ acme_order_auth_log_error(struct acme_order *order)
 auth->challenge->status == ACME_STATUS_PROCESSING)
 continue;
- kore_log(LOG_INFO, "[%s:auth:challenge] %s = %d",
+ kore_log(LOG_INFO, "[%s:auth:challenge] %s = %s (%s)",
 order->domain, auth->challenge->type,
- auth->challenge->status);
+ auth->challenge->error_type, auth->challenge->error_detail);
 }
 }
@@ -776,8 +780,8 @@ acme_order_auth_update(struct acme_order *order, struct acme_auth *auth)
 const u_int8_t *body;
 int ret, stval;
 struct acme_challenge *challenge;
- struct kore_json_item *array, *object;
 struct kore_json_item *status, *type, *url, *token;
+ struct kore_json_item *array, *object, *err, *detail;
 ret = KORE_RESULT_ERROR;
 acme_request_prepare(&req, HTTP_METHOD_GET, auth->url, NULL, 0);
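Review bot: In acme_order_auth_log_error the new `kore_log` call hands `auth->challenge->error_type` and `auth->challenge->error_detail` to `%s` without a NULL check. acme_order_auth_update (last hunk) only fills them when the status is invalid, an `error` object is present and both fields exist, so a challenge that reaches this log line by any other route still has them unset, and passing NULL to `%s` is undefined behaviour. Unless the part of the loop outside this hunk rules that out, give each argument a fallback, e.g. `auth->challenge->error_type ? auth->challenge->error_type : "unknown"`. The numeric status that the old format printed is also dropped; keeping it would still identify a failed challenge for which the server sent no error object. The function body starts outside the hunk.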
@@ -880,9 +884,32 @@ acme_order_auth_update(struct acme_order *order, struct acme_auth *auth)
 challenge->type = kore_strdup(type->data.string);
 auth->challenge = challenge;
+ } else {
+ challenge = auth->challenge;
+ }
+
+ challenge->status = stval;
+
+ if (challenge->status == ACME_STATUS_INVALID &&
+ (err = kore_json_find_object(object, "error")) != NULL) {
+ type = kore_json_find_string(err, "type");
+ detail = kore_json_find_string(err, "detail");
+
+ if (type == NULL || detail == NULL) {
+ kore_log(LOG_NOTICE,
+ "[%s:auth:challenge] error missing fields",
+ order->domain);
+ } else {
+ kore_free(challenge->error_type);
+ kore_free(challenge->error_detail);
+
+ challenge->error_type =
+ kore_strdup(type->data.string);
+ challenge->error_detail =
+ kore_strdup(detail->data.string);
+ }
 }
- auth->challenge->status = stval;
 break;
 }
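Review bot: `type->data.string` and `detail->data.string` come straight from the ACME server's JSON reply and are stored with `kore_strdup` unchanged, then written to the log by acme_order_auth_log_error. The detail text is free-form and remotely supplied, so I would cap its length and replace control characters (newlines in particular) before storing it, so that a reply cannot split or forge log lines; whether kore_log or the JSON parser already does this is not visible here. Separately, reassigning `type` to the error's type field overloads a variable that a few lines earlier held the challenge type; a dedicated item pointer declared next to `err` and `detail` would read more clearly. The function body starts and ends outside the hunk.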