go x/crypto/acme: 目录.AuthzURL未检查预授权支持,在客户端.Authorize()中,

uqdfh47h  于 6个月前  发布在  Go
关注(0)|答案(4)|浏览(50)

你使用的Go版本是什么(go version)?

go version go1.14.7 darwin/amd64

这个问题在最新版本中是否重现?

是的,在支持ACMEv2的crypto/acme任何版本中都会出现

你做了什么?

_, err := lestencryptStagingV2client.Authorize("example.com")

你期望看到什么?

{directotyURL} doesn't support pre-authorization flow

但你看到的是什么?

Post "": unsupported protocol scheme ""

这个模糊的错误是因为AuthzURL为空,而在调用POST之前没有测试AuthzURL。

w1e3prcc

w1e3prcc1#

/cc @FiloSottile@x1ddos per owners .

uidvcgyl

uidvcgyl2#

// AuthzURL is used to initiate identifier pre-authorization flow.
// Empty string indicates the flow is unsupported by the CA.
AuthzURL string

https://godoc.org/golang.org/x/crypto/acme#Directory

v440hwme

v440hwme3#

在以下文件中:https://github.com/golang/crypto/blob/123391ffb6de/acme/acme.go#L466,您可以看到:

if _, err := c.Discover(ctx); err != nil {
		return nil, err
	}

这里进行了一个发现,但是......没有对目录进行任何操作,接下来的指令是执行一个 POSTAuthzURL 的操作。我的观点是:
AuthzURL 可以在这里检查并在 AuthzURL 为空时返回错误,以避免这种类型的错误 Post "": unsupported protocol scheme ""

1szpjjfi

1szpjjfi4#

这个问题是关于开发体验的,而不是密码学或查阅手册。
我已经阅读了手册,也阅读了RFC,@x1ddos怎么可能猜到呢?
如果我忽略ACMEv1预认证是强制性的,但在ACMEv2中不是这样,我如何知道这是一个问题,因为ACMEv2?
开发体验问题是Authorize()如果AuthzURL为空,可以返回一个有意义的错误。
错误{directotyURL} doesn't support pre-authorization flowPost "": unsupported protocol scheme ""更有意义,但Post "": unsupported protocol scheme ""是由post()返回的。
所以Authorize()需要检查AuthzURL是否为空,以返回一个有意义的错误。
go不是一个单人业余项目。
仅用手册引用回复,似乎至少有点激进。
而且,如果可以确定这种激进的回复是在没有任何努力去理解问题的情况下做出的,那可能成为一种行为问题。
英语不是我的母语,我生活在一个大脑受伤(外伤性损伤)的情况下,这使得任何语言下的这种社交互动都非常困难。
我没有要求任何帮助,我只是希望得到一个与https://golang.org/conduct兼容的回复。

These are the values to which people in the Go community (“Gophers”) should aspire.

    Be friendly and welcoming
    Be patient
        Remember that people have varying communication styles and that not everyone is using their native language. (Meaning and tone can be lost in translation.) 
    Be thoughtful
        Productive communication requires effort. Think about how your words will be interpreted.
        Remember that sometimes it is best to refrain entirely from commenting. 
    Be respectful
        In particular, respect differences of opinion. 
    Be charitable
        Interpret the arguments of others in good faith, do not seek to disagree.
        When we do disagree, try to understand why. 
    Avoid destructive behavior:
        Derailing: stay on topic; if you want to talk about something else, start a new conversation.
        Unconstructive criticism: don't merely decry the current state of affairs; offer—or at least solicit—suggestions as to how things may be improved.
        Snarking (pithy, unproductive, sniping comments)
        Discussing potentially offensive or sensitive issues; this all too often leads to unnecessary conflict.
        Microaggressions: brief and commonplace verbal, behavioral and environmental indignities that communicate hostile, derogatory or negative slights and insults to a person or group. 

People are complicated. You should expect to be misunderstood and to misunderstand others; when this inevitably occurs, resist the urge to be defensive or assign blame. Try not to take offense where no offense was intended. Give people the benefit of the doubt. Even if the intent was to provoke, do not rise to it. It is the responsibility of all parties to de-escalate conflict when it arises.

相关问题