
tempfork/acme: pull in latest changes for Go 1.24 (#15062)

https://github.com/tailscale/golang-x-crypto/commit/9a281fd8facad954dae80ef984c5d5d763f8ff91

Updates #15015

Signed-off-by: Andrew Lytvynov <[email protected]>
Andrew Lytvynov 1 year ago
parent
commit
cc923713f6
6 changed files with 41 additions and 7 deletions
  1. 1 1
      go.mod
  2. 2 2
      go.sum
  3. 5 1
      tempfork/acme/acme.go
  4. 1 1
      tempfork/acme/acme_test.go
  5. 20 1
      tempfork/acme/http.go
  6. 12 1
      tempfork/acme/types.go

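--- a/go.mod
+++ b/go.mod
@@ -74,7 +74,7 @@ require (
 	github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e
 	github.com/tailscale/depaware v0.0.0-20250112153213-b748de04d81b
 	github.com/tailscale/goexpect v0.0.0-20210902213824-6e8c725cea41
-	github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4
+	github.com/tailscale/golang-x-crypto v0.0.0-20250218230618-9a281fd8faca
 	github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05
 	github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a
 	github.com/tailscale/mkctr v0.0.0-20250110151924-54977352e4a6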

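--- a/go.sum
+++ b/go.sum
@@ -900,8 +900,8 @@ github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55 h1:Gzfnfk2TWrk8
 github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55/go.mod h1:4k4QO+dQ3R5FofL+SanAUZe+/QfeK0+OIuwDIRu2vSg=
 github.com/tailscale/goexpect v0.0.0-20210902213824-6e8c725cea41 h1:/V2rCMMWcsjYaYO2MeovLw+ClP63OtXgCF2Y1eb8+Ns=
 github.com/tailscale/goexpect v0.0.0-20210902213824-6e8c725cea41/go.mod h1:/roCdA6gg6lQyw/Oz6gIIGu3ggJKYhF+WC/AQReE5XQ=
-github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4 h1:rXZGgEa+k2vJM8xT0PoSKfVXwFGPQ3z3CJfmnHJkZZw=
-github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4/go.mod h1:ikbF+YT089eInTp9f2vmvy4+ZVnW5hzX1q2WknxSprQ=
+github.com/tailscale/golang-x-crypto v0.0.0-20250218230618-9a281fd8faca h1:ecjHwH73Yvqf/oIdQ2vxAX+zc6caQsYdPzsxNW1J3G8=
+github.com/tailscale/golang-x-crypto v0.0.0-20250218230618-9a281fd8faca/go.mod h1:ikbF+YT089eInTp9f2vmvy4+ZVnW5hzX1q2WknxSprQ=
 github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 h1:4chzWmimtJPxRs2O36yuGRW3f9SYV+bMTTvMBI0EKio=
 github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05/go.mod h1:PdCqy9JzfWMJf1H5UJW2ip33/d4YkoKN0r67yKH1mG8=
 github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a h1:SJy1Pu0eH1C29XwJucQo73FrleVK6t4kYz4NVhp34Yw=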

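--- a/tempfork/acme/acme.go
+++ b/tempfork/acme/acme.go
@@ -557,7 +557,11 @@ func (c *Client) Accept(ctx context.Context, chal *Challenge) (*Challenge, error
 		return nil, err
 	}
 
-	res, err := c.post(ctx, nil, chal.URI, json.RawMessage("{}"), wantStatus(
+	payload := json.RawMessage("{}")
+	if len(chal.Payload) != 0 {
+		payload = chal.Payload
+	}
+	res, err := c.post(ctx, nil, chal.URI, payload, wantStatus(
 		http.StatusOK,       // according to the spec
 		http.StatusAccepted, // Let's Encrypt: see https://goo.gl/WsJ7VT (acme-divergences.md)
 	))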
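Review bot: `chal.Payload` is handed to `c.post` verbatim at the new `payload = chal.Payload` assignment, so a caller who sets it to bytes that are not a JSON object (a bare `null`, an array, or a truncated fragment) gets that sent as the challenge-response body, where RFC 8555 §7.5.1 expects a JSON object; whether `c.post`'s marshalling of a `json.RawMessage` rejects malformed bytes is outside this hunk, and even if it does the error would not name the challenge. A cheap local guard before the post makes the failure explicit: `if len(chal.Payload) != 0 && !json.Valid(chal.Payload) { return nil, errors.New("acme: challenge payload is not valid JSON") }` (assuming `errors` is imported in acme.go; otherwise `fmt.Errorf`). The fallback also deserves a one-line comment so the next reader knows why an empty object is the default: `// RFC 8555 §7.5.1: a bare "{}" unless the challenge type needs extra data (e.g. device-attest-01).` Accept's body begins and ends outside this hunk.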

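--- a/tempfork/acme/acme_test.go
+++ b/tempfork/acme/acme_test.go
@@ -875,7 +875,7 @@ func TestTLSALPN01ChallengeCert(t *testing.T) {
 }
 
 func TestTLSChallengeCertOpt(t *testing.T) {
-	key, err := rsa.GenerateKey(rand.Reader, 512)
+	key, err := rsa.GenerateKey(rand.Reader, 1024)
 	if err != nil {
 		t.Fatal(err)
 	}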
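Review bot: The bump from 512 to 1024 bits in TestTLSChallengeCertOpt carries no explanation in the code, and the commit message only says it tracks Go 1.24; presumably the reason is that crypto/rsa in Go 1.24 refuses to generate keys shorter than 1024 bits (the `rsa1024min` GODEBUG), and a reader without that context may well shrink it again to make the test faster. Suggest a comment on the changed line: `// 1024 is the smallest size Go 1.24's rsa.GenerateKey accepts (GODEBUG rsa1024min); smaller is rejected, larger is slow for a test.` If the test needs any private key rather than RSA specifically, an ECDSA P-256 key would be both faster and free of this floor, but that depends on what the rest of TLSChallengeCertOpt, which continues past this hunk, exercises.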

+ 20 - 1
tempfork/acme/http.go

@@ -15,6 +15,7 @@ import (
 	"io"
 	"math/big"
 	"net/http"
+	"runtime/debug"
 	"strconv"
 	"strings"
 	"time"
@@ -271,9 +272,27 @@ func (c *Client) httpClient() *http.Client {
 }
 
 // packageVersion is the version of the module that contains this package, for
-// sending as part of the User-Agent header. It's set in version_go112.go.
+// sending as part of the User-Agent header.
 var packageVersion string
 
+func init() {
+	// Set packageVersion if the binary was built in modules mode and x/crypto
+	// was not replaced with a different module.
+	info, ok := debug.ReadBuildInfo()
+	if !ok {
+		return
+	}
+	for _, m := range info.Deps {
+		if m.Path != "golang.org/x/crypto" {
+			continue
+		}
+		if m.Replace == nil {
+			packageVersion = m.Version
+		}
+		break
+	}
+}
+
 // userAgent returns the User-Agent header value. It includes the package name,
 // the module version (if available), and the c.UserAgent value (if set).
 func (c *Client) userAgent() string {
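Review bot: The new init() keys on `m.Path != "golang.org/x/crypto"`, but this file lives under tempfork/acme inside the tailscale.com module and the upstream it tracks is github.com/tailscale/golang-x-crypto (see the go.mod hunk in this commit), so the loop either finds no matching entry in `info.Deps` and leaves `packageVersion` empty, or, if some other dependency pulls in x/crypto, records that module's version, which is not the version of this code. Either way the value advertised in the User-Agent header is misleading, and the comment on the variable ("the version of the module that contains this package") no longer describes what is stored. If the intent is really the containing module, `info.Main.Version` is the honest source; if the intent is the fork's revision, the path check should name the fork. At minimum a comment should record the choice, e.g. `// NOTE: in this tempfork a golang.org/x/crypto entry in Deps, if present, belongs to some other dependency, not to this package.` The userAgent method that follows continues past this hunk.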

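--- a/tempfork/acme/types.go
+++ b/tempfork/acme/types.go
@@ -7,6 +7,7 @@ package acme
 import (
 	"crypto"
 	"crypto/x509"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
@@ -292,7 +293,7 @@ type Directory struct {
 	// Renewal Information (ARI) Extension.
 	RenewalInfoURL string
 
-	// Term is a URI identifying the current terms of service.
+	// Terms is a URI identifying the current terms of service.
 	Terms string
 
 	// Website is an HTTP or HTTPS URL locating a website
@@ -531,6 +532,16 @@ type Challenge struct {
 	// when this challenge was used.
 	// The type of a non-nil value is *Error.
 	Error error
+
+	// Payload is the JSON-formatted payload that the client sends
+	// to the server to indicate it is ready to respond to the challenge.
+	// When unset, it defaults to an empty JSON object: {}.
+	// For most challenges, the client must not set Payload,
+	// see https://tools.ietf.org/html/rfc8555#section-7.5.1.
+	// Payload is used only for newer challenges (such as "device-attest-01")
+	// where the client must send additional data for the server to validate
+	// the challenge.
+	Payload json.RawMessage
 }
 
 // wireChallenge is ACME JSON challenge representation.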
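Review bot: The Payload doc says when the field must not be set but not what a valid value looks like: it is a `json.RawMessage` that, per the acme.go hunk in this commit, replaces the default `{}` and is passed to the challenge POST unchanged, so it has to be one complete, well-formed JSON value in the shape the challenge type's specification calls for (for device-attest-01, an object carrying the attestation), not a fragment to be spliced into an object. Suggest adding a sentence after the last paragraph: `// Payload must be a single well-formed JSON value; it is sent as-is as the body of the POST to the challenge URL in place of "{}".` Since device-attest-01 is the only challenge named, a pointer to the IETF draft that defines it (draft-acme-device-attest) next to the RFC 8555 link would tell readers where the payload format comes from. The Challenge struct begins before this hunk.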