BUG/MINOR: acme: fix fallback state after failed initial DNS check
authorWilliam Lallemand <wlallemand@haproxy.com>
Wed, 15 Apr 2026 14:06:53 +0000 (16:06 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Wed, 15 Apr 2026 14:06:59 +0000 (16:06 +0200)
When the opportunistic initial DNS check (ACME_INITIAL_RSLV_READY) fails,
the state machine was incorrectly transitioning to ACME_RSLV_RETRY_DELAY
instead of ACME_CLI_WAIT. This caused the challenge to enter the DNS retry
loop rather than falling back to the normal cond_ready flow that waits for
the CLI signal.

Also reorder ACME_CLI_WAIT in the state enum and trace switch to reflect
the actual execution order introduced in the previous commit: it comes after
ACME_INITIAL_RSLV_READY, not before ACME_INITIAL_RSLV_TRIGGER.

No backport needed.

include/haproxy/acme-t.h
src/acme.c

index b12a95be1042d4a9f21f54038229fdc4dab04519..091dcd708530ff71bb181473412fe862f9e4ed80 100644 (file)
@@ -53,9 +53,9 @@ enum acme_st {
        ACME_NEWACCOUNT,
        ACME_NEWORDER,
        ACME_AUTH,
-       ACME_CLI_WAIT,               /* wait for the ACME_RDY_CLI */
        ACME_INITIAL_RSLV_TRIGGER,   /* opportunistic DNS check avoid cond_ready steps */
        ACME_INITIAL_RSLV_READY,
+       ACME_CLI_WAIT,               /* wait for the ACME_RDY_CLI */
        ACME_INITIAL_DELAY,
        ACME_RSLV_RETRY_DELAY,
        ACME_RSLV_TRIGGER,
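Review bot: ACME_INITIAL_RSLV_READY is the one state in this group with no comment, although the ordering of the three states is now meant to describe the flow. Going by the commit message, something like `ACME_INITIAL_RSLV_READY,     /* result of the opportunistic DNS check, falls back to ACME_CLI_WAIT on failure */` would make the enum readable on its own. The reorder also changes the numeric values of the three states, so it is worth confirming that nothing compares acme_st values by order or stores them as integers; no such use is visible in this hunk.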
index 7a392d6d20dd3af3ea2444933681d0b68ec156bd..6e79769551479e3af47411771497fd46ef34556c 100644 (file)
@@ -123,9 +123,9 @@ static void acme_trace(enum trace_level level, uint64_t mask, const struct trace
                        case ACME_NEWACCOUNT:               chunk_appendf(&trace_buf, "ACME_NEWACCOUNT");              break;
                        case ACME_NEWORDER:                 chunk_appendf(&trace_buf, "ACME_NEWORDER");                break;
                        case ACME_AUTH:                     chunk_appendf(&trace_buf, "ACME_AUTH");                    break;
-                       case ACME_CLI_WAIT :                chunk_appendf(&trace_buf, "ACME_CLI_WAIT");                break;
                        case ACME_INITIAL_RSLV_TRIGGER:     chunk_appendf(&trace_buf, "ACME_INITIAL_RSLV_TRIGGER");    break;
                        case ACME_INITIAL_RSLV_READY:       chunk_appendf(&trace_buf, "ACME_INITIAL_RSLV_READY");      break;
+                       case ACME_CLI_WAIT :                chunk_appendf(&trace_buf, "ACME_CLI_WAIT");                break;
                        case ACME_INITIAL_DELAY:            chunk_appendf(&trace_buf, "ACME_INITIAL_DELAY");           break;
                        case ACME_RSLV_RETRY_DELAY:         chunk_appendf(&trace_buf, "ACME_RSLV_RETRY_DELAY");        break;
                        case ACME_RSLV_TRIGGER:             chunk_appendf(&trace_buf, "ACME_RSLV_TRIGGER");            break;
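Review bot: The moved line keeps the stray space in `case ACME_CLI_WAIT :`, which none of the neighbouring labels have. Since the line is touched anyway, it could be written as `case ACME_CLI_WAIT:` with the padding adjusted to keep the column alignment. The switch in acme_trace starts and ends outside the hunk.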
@@ -2548,7 +2548,7 @@ re:
                        }
 
                        /* opportunistic DNS check failed, try the ready_cond */
-                       st = ACME_RSLV_RETRY_DELAY;
+                       st = ACME_CLI_WAIT;
                        goto nextreq;
                }
                break;
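Review bot: The fallback at `st = ACME_CLI_WAIT;` is silent as far as this hunk shows, so a challenge parked waiting for the CLI signal looks the same as one that never attempted the DNS check. A trace or log line just before the assignment would let an operator see why issuance is waiting, which matters when a renewal is close to expiry. The comment above it says "ready_cond" while the commit message says cond_ready; I would reword it to `/* opportunistic DNS check failed, fall back to the cond_ready flow (ACME_CLI_WAIT) */`. It is also worth confirming that ACME_CLI_WAIT passes straight through when the CLI condition is not among the configured readiness conditions, since that handler is not visible here. The enclosing function and the block after the `re:` label start and end outside the hunk.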