/* Single envelope message exchanged in both directions; the comment on
   each protocol field below says which side sends it. The nested data
   types are declared first, the protocol fields after them.

   The schema uses proto2 `required` fields: a message that omits one is
   rejected by the parser's initialization check, and such a field cannot
   be dropped later without breaking peers that still expect it. */
message chocolatemessage {

  /* Definitions of message data types. */

  /* The certificate signing request sent by the client at the beginning
     of a session (carried in the `request` field below).
     NOTE(review): field numbers here start at 2. If number 1 was ever
     assigned in an earlier revision it must not be reused -- confirm
     against the file history. */
  message SigningRequest {
    /* NOTE(review): unit and epoch are not stated in this file;
       presumably used for the freshness check behind StaleRequest --
       confirm. */
    required int64 timestamp = 2;
    /* NOTE(review): presumably identifies the server the request is
       addressed to -- confirm. */
    required string recipient = 3;
    required string csr = 4; /* Use only \n for EOL, not \r\n. */
    /* NOTE(review): this file does not say which bytes the signature
       covers or which key produces it. A verifier needs that pinned
       down; the signed data should bind timestamp and recipient so a
       captured request cannot be replayed later or to another
       recipient -- confirm against the implementation. */
    required bytes sig = 5;
    /* NOTE(review): puzzle format is not defined here; presumably the
       answer to a NeedClientPuzzle failure -- confirm. */
    optional string clientpuzzle = 6;
    /* server can specify difficulty somehow? */
  }

  /* Reasons reported in Failure.cause.
     The values are wire constants; do not renumber them. In proto2 an
     enum value the receiver does not recognize is kept as an unknown
     field, and because Failure.cause is `required`, an older peer may
     reject a Failure that carries a value added later. */
  enum FailureReason {
    UnsupportedVersion = 0;
    AbandonedRequest = 1;
    ServerOutage = 2;
    ServerGone = 3;
    StaleRequest = 4;
    BadSignature = 5;
    BadCSR = 6;
    BadRequest = 7;
    NeedClientPuzzle = 8;
    CannotIssueThatName = 9;
    ExistingCertificate = 10;
    UnsafeKey = 11;
    ChallengeFailed = 12;
    ChallengeTimeout = 13;
  }

  /* Sent by either side to abandon a session (see the `failure` field
     below). */
  message Failure {
    required FailureReason cause = 1;
    /* Supplied by the peer: treat it as untrusted input and validate it
       before displaying or dereferencing it. */
    optional string URI = 2; /* for more human-readable information */
    // optional string affectedrequest = 3; /* nonce of the SigningRequest that provoked this failure */
  }

  /* Sent by the server to ask the client to check back later (see the
     `proceed` field below). */
  message Proceed {
    /* NOTE(review): unit and epoch are not stated in this file --
       confirm. */
    required int64 timestamp = 1;
    /* NOTE(review): unit not stated; presumably the delay before the
       client polls again -- confirm. */
    optional int32 polldelay = 2;
  }

  /* Kinds of challenge a Challenge message can carry. The values are
     wire constants; do not renumber them. */
  enum ChallengeType {
    DomainValidateSNI = 0;
    DomainValidateTLSExt = 1;
    EmailValidate = 2;
    Payment = 3;
  }

  /* One challenge. The same message type is used by the server to
     announce or update a challenge and by the client to report
     completion (fields `challenge` and `completedchallenge` below). */
  message Challenge {
    required ChallengeType type = 1;
    /* NOTE(review): presumably the name this challenge validates (the
       request comment below speaks of one or more challenges per
       name) -- confirm. */
    optional string name = 2;
    /* Receivers should check the number of entries against what the
       challenge type defines before indexing into this list. */
    repeated bytes data = 3; /* Each challenge type must define
                                a particular number of data fields
                                to be used, their order, and their
                                semantics. Changing these details
                                requires creating a NEW challenge
                                type. */
    /* NOTE(review): purpose is not documented in this file. Supplied by
       the peer, so treat it as untrusted input. */
    optional string URI = 4;
    /* A value received from the client is only the client's claim; the
       server's own verification, not this flag, should decide whether
       the challenge passed. */
    optional bool succeeded = 5;
    /* from server: true if server ACK success,
                    false if server NAK success,
                    omit if server doesn't know if client
                    has attempted yet.

       from client: true if claiming to be done,
                    false if unable,
                    omit if client hasn't attempted yet. */
  }

  /* Sent by the server to issue the requested certificate (see the
     `success` field below). */
  message Success {
    /* NOTE(review): encoding is not stated in this file -- confirm. */
    required string certificate = 1;
  }

  /* Beginning of protocol fields. */

  /* Sent by CLIENT and SERVER to identify the protocol version. */
  required int32 chocolateversion = 1;

  /* Sent by CLIENT and SERVER to identify the session. Set to
     empty string by client at beginning of new session.
     Receivers should validate the length and character set before
     using the value as a lookup key.
     NOTE(review): if the session value alone ties later messages to a
     request, it has to be unpredictable and kept confidential --
     confirm how sessions are authenticated. */
  required string session = 2; /* 64 hex digits chosen by the server */

  /* Sent by CLIENT at beginning of session */
  optional SigningRequest request = 3; /* There should just be one request and the request
                                          must use subject alternate names for every name that
                                          we want to have signed. There could still be multiple
                                          challenges in response -- one or more challenges per
                                          name. */

  /* Sent by CLIENT or SERVER to abandon a session */
  optional Failure failure = 4; /* Each failure is completely fatal to the protocol, requiring it
                                   to be restarted from the beginning. */

  /* Sent by SERVER to request the client to check back later */
  optional Proceed proceed = 5;

  /* Sent by SERVER to announce challenges or update the client
     on whether the server believes the client has successfully
     completed them */
  repeated Challenge challenge = 6;

  /* Sent by CLIENT to announce that the client believes it has
     successfully completed a challenge */
  repeated Challenge completedchallenge = 7;

  /* Sent by SERVER to issue the requested certificate */
  optional Success success = 8;
}