Sebastian Krause umthombo wokungahambisani okungavamile nesevisi umbhalo , esetshenziselwa ukwenza ngokuzenzakalelayo ukwamukela izitifiketi ze-TLS kusetshenziswa iphrothokholi ye-ACME. Kokubili iklayenti lereferensi kanye ne-uacme isebenza nge-Bypass, kodwa ayiphelelwa amanzi emzimbeni (ngokunembe kakhulu, iphinde yasebenza ngezinye izindlela zokusebenza, kodwa ngemodi ye-dns-1 kuphela).
Isizathu sivele saba yinto encane: esikhundleni sokuhlaziya impendulo ngefomethi ye-JSON ngempela, umbhali we-dehydrated wasebenzisa isici sokufometha sokuphumayo kwe-JSON okuphuma kusevisi ethi Masibethele futhi wayihlukanisa esebenzisa isisho esivamile. Kodwa i-Bypass ayibuyi ifomethiwe kahle, kodwa i-JSON encishisiwe, kanye nesetshenzisiwe akusebenzanga. Le ndlela ayizibandakanyi izinkinga nge-LetsEncrypt uma le sevisi ishintsha ifomethi ekhishwayo esikhathini esizayo ngaphandle kwesixwayiso, kuyilapho ihlezi ngaphakathi kohlaka lwephrothokholi esemthethweni.
Lapho kuxoxwa ngenkinga, kuphakanyiswe ukuthi kusetshenziswe umhlahleli wangaphandle we-JSON njengokuthi noma (engeza u-'jq -r ".authorizations | .[]"' epayipini ukuze uhlukanise okulungile).
Ububi bale ndlela ukuhlanjululwa komqondo wokusebenzisa izindlela ezincane neziqinisekiswa kalula, kanye nezinkinga zokuphatha amaphutha.
Umbhali wephrojekthi ephelelwe amanzi emzimbeni (iphrojekthi isanda kwenzeka I-Apilayer GmbH) , ukuthi ukuncozulula i-JSON kuyinkinga enkulu, kodwa akacabangi ukwengeza abahlaluli bangaphandle umqondo omuhle, njengoba enye yezinzuzo ezibalulekile zeskripthi ukungabi khona kokubophezela kokuncika kwangaphandle. Njengamanje umatasatasa, kodwa unethemba lokuthi uzozinikela ekuxazululeni le nkinga ezinsukwini ezimbalwa ezizayo. Izinhlelo zibandakanya ukusetshenzwa kabusha komhlahleli we-JSON noma ukuhlanganisa umhlahleli osewakhiwe ngolimi lwegobolondo - .
Source: opennet.ru