Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow creation of ACME account with EAB directly from --issue command #5087

Open
wants to merge 4 commits into
base: dev
Choose a base branch
from

Conversation

clement-gouin
Copy link

_regAccount on --issue was not using --eab-kid and --eab-hmac-key parameters like --register-account does

Also, _eab_kid was changed to _eab_id for no reason along account registration

@clement-gouin clement-gouin changed the title Allow to create ACME account with EAB directly from --issue command Allow creation of ACME account with EAB directly from --issue command Apr 11, 2024
@Neilpang
Copy link
Member

Neilpang commented Nov 4, 2024

don't rename _eab_kid if for no reason.

@Klemek
Copy link

Klemek commented Nov 5, 2024

don't rename _eab_kid if for no reason.

I'ts actually how it's called on the RFC 8555 I don't think that's "no reason"

7.3.4. External Account Binding
[...]
o The "kid" field MUST contain the key identifier provided by the CA

It is also changed originally from _eab_kid to _eab_id when passing into registeraccount

  registeraccount)
    registeraccount "$_accountkeylength" "$_eab_kid" "$_eab_hmac_key" # <= here
    ;;

# ...

#account_key_length   eab-kid  eab-hmac-key
registeraccount() {
  _account_key_length="$1"
  _eab_id="$2"   # <= here
  _eab_hmac_key="$3"
  _initpath
  _regAccount "$_account_key_length" "$_eab_id" "$_eab_hmac_key"
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants