git.kaiwu.me - haproxy.git/commit

]> git.kaiwu.me - haproxy.git/commit

projects / haproxy.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 6ca83eb) | patch

author	William Lallemand <wlallemand@haproxy.com>
	Thu, 2 Apr 2026 14:15:12 +0000 (16:15 +0200)
committer	William Lallemand <wlallemand@haproxy.com>
	Thu, 2 Apr 2026 16:29:26 +0000 (18:29 +0200)
commit	6df3662077824f15704e6fbc3c15fa07f527565e
tree	23fd40d549fc75756c733a79cd0c6c6ade5d16f8	tree \| snapshot
parent	6ca83eb731b87208d20884445cb703c5332cee54	commit \| diff

MEDIUM: acme: split the initial delay from the retry DNS delay

The previous ACME_RSLV_WAIT state served a dual role: it applied the
initial dns-delay before the first DNS probe and also handled the
delay between retries. There was no way to simply wait a fixed delay
before submitting the challenge without also triggering DNS pre-checks.

Replace ACME_RSLV_WAIT with two distinct states:
  - ACME_INITIAL_DELAY: an optional initial wait before proceeding,
    only applied when "challenge-ready" includes the new "delay" keyword
  - ACME_RSLV_RETRY_DELAY: the delay between resolution retries, always
    applied when DNS pre-checks are in progress

The new "delay" keyword in "challenge-ready" can be used standalone
(wait then submit the challenge directly) or combined with "dns" (wait
then start the DNS pre-checks). When "delay" is not set, the first DNS
probe fires immediately.

Update the documentation accordingly.

doc/configuration.txt		diff \| blob \| history
include/haproxy/acme-t.h		diff \| blob \| history
src/acme.c		diff \| blob \| history

haproxy upstream