Commit a7d50ce8 authored by Adrien Dorsaz's avatar Adrien Dorsaz

acme_dns_tiny: compute key authorization without checking token validity

Indeed, the token is created by the server
parent 474f4b63
......@@ -213,8 +213,7 @@ def get_crt(config, log=LOGGER):
log.info("Install DNS TXT resource for domain: %s", domain)
challenge = [c for c in authorization["challenges"] if c["type"] == "dns-01"][0]
token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge["token"])
keyauthorization = "{0}.{1}".format(token, jwk_thumbprint)
keyauthorization = challenge["token"] + "." + jwk_thumbprint
keydigest64 = _base64(hashlib.sha256(keyauthorization.encode("utf8")).digest())
dnsrr_domain = "_acme-challenge.{0}.".format(domain)
try: # a CNAME resource can be used for advanced TSIG configuration
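Review bot: The new `keyauthorization = challenge["token"] + "." + jwk_thumbprint` line has no comment saying why an unvalidated, server-supplied token is acceptable here, and the commit message's reason (the server creates it) is not the property that makes it safe. In the visible lines the value is only passed through SHA-256 and `_base64` to build `keydigest64`, so no raw token character reaches the TXT record. I would record that next to the line, e.g. `# token comes from the ACME server and is used unvalidated: it is only hashed below, never written to DNS as-is`. That keeps the assumption visible if the value is later logged or reused for a challenge type where the token becomes part of a file name. If the removed `re.sub` was the only use of `re` in the module, its import may now be unused; get_crt starts and ends outside the hunk, so later uses of `keyauthorization` cannot be checked from here.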