x/crypto/acme: Unable to get rate limit periods in a reliable way #19304

calavera · 2017-02-27T17:24:46Z

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (`go version`)?

Go 1.8.0

What operating system and processor architecture are you using (`go env`)?

GOARCH="amd64"
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"

What did you do?

I'm using crypto/acme to create certificates from Let's Encrypt. The ACME spec provides a way to get rate limit information from providers in a reliable way:

https://tools.ietf.org/html/draft-ietf-acme-acme-05#section-6.4.1

However, crypto/acme doesn't provider any straightforward way to get those limits, leaving to everyone that uses it to implement the same logic over and over again to get those values:

An example of what people need to do every time they use crypto/acme:

client := &acme.Client{
  Key: pk, 
  DirectoryURL: "directoryURL",
}

authz, err := client.Authorize(context.Background(), "example.com")
if ae, ok := err.(*acme.Error); ok {
  r := ae.Header.Get("Retry-After")
  if r != "" {
    	i, err := strconv.ParseInt(r, 10, 64)
	if err != nil {
		// check if the header value is a time value and parse it properly
	}
        time.Sleep(time.Duration(i) * time.Second)
        // retry logic
  }
}

What did you expect to see?

I think these kind of checks are frequent enough that the library should provide a more straightforward way to get the limit time or duration, something like this:

client := &acme.Client{
  Key: pk, 
  DirectoryURL: "directoryURL",
}

authz, err := client.Authorize(context.Background(), "example.com")
if d, ok := acme.IsRateLimited(err); ok {
  time.Sleep(d)
  // retry logic
}

What did you see instead?

I created a small helper in my project to handle this. But that's something that every developer using crypto/acme will have to implement. I think it'd make sense to provide that logic by default with the library.

I also created a change request: https://go-review.googlesource.com/#/c/37463/

The text was updated successfully, but these errors were encountered:

gopherbot · 2017-02-27T17:32:15Z

CL https://golang.org/cl/37463 mentions this issue.

gopherbot · 2017-03-22T02:16:17Z

CL https://golang.org/cl/38436 mentions this issue.

This change exposes a function to extract rate limit duration from a client error using Retry-After response header. Author: David Calavera <[email protected]>. Fixes golang/go#19304. Change-Id: Iec9cfab398b84c6f216b95d3265ffad1ce2f29a7 Reviewed-on: https://go-review.googlesource.com/37463 Run-TryBot: Brad Fitzpatrick <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]>

bradfitz changed the title ~~crypto/acme: Unable to get rate limit periods in a reliable way~~ x/crypto/acme: Unable to get rate limit periods in a reliable way Mar 21, 2017

bradfitz added this to the Unreleased milestone Mar 21, 2017

gopherbot closed this as completed in golang/crypto@5f995c0 Apr 25, 2017

golang locked and limited conversation to collaborators Apr 25, 2018

gopherbot added the FrozenDueToAge label Apr 25, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/crypto/acme: Unable to get rate limit periods in a reliable way #19304

x/crypto/acme: Unable to get rate limit periods in a reliable way #19304

calavera commented Feb 27, 2017

gopherbot commented Feb 27, 2017

gopherbot commented Mar 22, 2017

x/crypto/acme: Unable to get rate limit periods in a reliable way #19304

x/crypto/acme: Unable to get rate limit periods in a reliable way #19304

Comments

calavera commented Feb 27, 2017

What version of Go are you using (go version)?

What operating system and processor architecture are you using (go env)?

What did you do?

What did you expect to see?

What did you see instead?

gopherbot commented Feb 27, 2017

gopherbot commented Mar 22, 2017

What version of Go are you using (`go version`)?

What operating system and processor architecture are you using (`go env`)?