From 0d4b16aadb18216eda1e4751c6ee86b30d4ec44b Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Mon, 30 Dec 2024 11:30:33 +0100
Subject: [PATCH] acme_certificate: be nicer to non-compliant CAs (#832)
* Be nicer to non-compliant CAs.
* Mark as a feature, not a bugfix.
---
 changelogs/fragments/832-acme-challenges.yml | 3 +++
 plugins/module_utils/acme/challenges.py | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/832-acme-challenges.yml
diff --git a/changelogs/fragments/832-acme-challenges.yml b/changelogs/fragments/832-acme-challenges.yml
new file mode 100644
index 000000000..bf3f1fc55
--- /dev/null
+++ b/changelogs/fragments/832-acme-challenges.yml
@@ -0,0 +1,3 @@
+minor_changes:
+ - "acme_certificate - add compatibility for ACME CAs that are not fully RFC8555 compliant and do not provide ``challenges`` in authz objects
+ (https://github.com/ansible-collections/community.crypto/issues/824, https://github.com/ansible-collections/community.crypto/pull/832)."
diff --git a/plugins/module_utils/acme/challenges.py b/plugins/module_utils/acme/challenges.py
index e37075a64..640a54ab8 100644
--- a/plugins/module_utils/acme/challenges.py
+++ b/plugins/module_utils/acme/challenges.py
@@ -141,7 +141,12 @@ class Authorization(object):
 def _setup(self, client, data):
 data['uri'] = self.url
 self.data = data
- self.challenges = [Challenge.from_json(client, challenge) for challenge in data['challenges']]
+ # While 'challenges' is a required field, apparently not every CA cares
+ # (https://github.com/ansible-collections/community.crypto/issues/824)
+ if data.get('challenges'):
+ self.challenges = [Challenge.from_json(client, challenge) for challenge in data['challenges']]
+ else:
+ self.challenges = []
 if client.version == 1 and 'status' not in data:
 # https://tools.ietf.org/html/draft-ietf-acme-acme-02#section-6.1.2
 # "status (required, string): ...
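Review bot: The new fallback in `_setup` treats a missing key, a `null` value and an empty list alike, and does so for every authorization status, so an authz that still needs validation but carries no challenges now produces `self.challenges = []` instead of failing at parse time. The code that later picks a challenge for this authorization is outside the hunk; presumably it then finds nothing to work with, and any error surfaces further from its cause. I would extend the comment to record when an empty list is acceptable, for example `# An empty list is tolerated here; callers must still fail clearly if a pending authz offers no challenge`, and confirm that the caller has such a check. As a smaller style point, the if/else collapses to `self.challenges = [Challenge.from_json(client, challenge) for challenge in data.get('challenges') or []]`. `_setup` continues past the end of the hunk.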