
Allow OCSP requests with nonce #15

Open
felixbuenemann opened this issue May 3, 2020 · 4 comments

Comments

@felixbuenemann

felixbuenemann commented May 3, 2020

The current version of hapos-upd works fine for my existing Let's Encrypt Certs, but I re-issued a certificate with the OCSP Must Staple extension today and OCSP updates consistently fail with Responder Error: unauthorized (6) unless I remove the -no_nonce switch from the script.

I suggest to either completely drop the -no_nonce flag from the script or add an option to enable or disable OCSP request nonces.

I can certainly come up with a PR if I know what direction to go in.

Update: Turns out the error was related to a bad cache in the Let's Encrypt OCSP responder that could be worked around by requesting with a nonce. See discussion below for details.

@felixbuenemann
Author

Some more info can be found at acmesh-official/acme.sh#2900 which deals with the same problem for issuing new certs with OCSP Must Staple using the haproxy deploy hook in acme.sh.

@pierky
Owner

pierky commented May 3, 2020

I suggest to either completely drop the -no_nonce flag from the script or add an option to enable or disable OCSP request nonces.

I can certainly come up with a PR if I know what direction to go in.

Hello, thanks for filing this issue.

I would suggest to introduce an option to enable nonces, and use the -no_nonce argument only when that option is set. Basically baking -no_nonce disabled by default, but still keeping a way to use it. WDYT?

@felixbuenemann
Author

Sounds good, I'll look into it.

@felixbuenemann
Author

I have done some more research into the implications of having vs not having a nonce with OCSP stapling.

Basically, when not using a nonce the OCSP server is allowed to use a cached response, while when a nonce is provided it is supposed to be re-generated.

It also means that stapled response should not contain a nonce in the response, since it is implicitly cached.

I just tried the OCSP request that failed yesterday with -no_nonce again today and it worked fine, indicating that the problem was a bad cache entry, likely because the haproxy deploy hook in acme.sh requests the OCSP response immediately after issuing the certificate and it might just not be ready.

For Let's Encrypt, even when requesting an OCSP response with a nonce, the response does not contain a nonce, so it is fine to use it for OCSP stapling. As such I still think the fix for the acme.sh haproxy deploy hook is fine, since it is likely to hit the aforementioned race condition. I don't think changing the default for hapos-upd makes sense.

It could still make sense to add a command line option to enable request nonces to work around caching problems, but it should probably only be used if the OCSP responder does not use a nonce in the response, even if one is used in the request.

What do you think?
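As an added example (not code from hapos-upd or acme.sh), the POSIX shell script below reproduces the nonce behaviour discussed above against a local, offline OCSP responder: a request without a nonce yields a cacheable, stapleable response, while a request with a nonce yields a response that carries the nonce and so must not be stapled. The function names, file names and /CN= subjects are constructed for the example; openssl's built-in responder is used because, unlike the Let's Encrypt behaviour described in the comment, it always echoes a request nonce back.

```shell
#!/bin/sh
# Added example, not hapos-upd code. Builds a throwaway CA and leaf cert, answers
# OCSP requests with openssl's built-in responder (which, unlike the Let's Encrypt
# behaviour described above, echoes a request nonce back), and checks whether the
# DER response carries a nonce. All file names and subjects are constructed; no network.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway CA, leaf cert, and the index.txt that `openssl ocsp -index` reads.
make_test_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -subj /CN=TestCA -days 2 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj /CN=leaf \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -set_serial 0x1001 -days 1 -out "$WORK/leaf.pem" 2>/dev/null
  # index row: status, expiry, revocation date (empty), serial, file, subject
  serial=$(openssl x509 -in "$WORK/leaf.pem" -noout -serial | cut -d= -f2)
  printf 'V\t991231235959Z\t\t%s\tunknown\t/CN=leaf\n' "$serial" > "$WORK/index.txt"
}

# fetch_ocsp "<request flags>" OUTFILE: build the request ("-no_nonce" as hapos-upd
# does, or "" for openssl's default nonce) and let the local responder answer it.
# $1 is deliberately unquoted so an empty string adds no argument.
fetch_ocsp() {
  openssl ocsp -issuer "$WORK/ca.pem" -cert "$WORK/leaf.pem" $1 \
    -reqout "$WORK/req.der" >/dev/null 2>&1
  openssl ocsp -index "$WORK/index.txt" -CA "$WORK/ca.pem" -rsigner "$WORK/ca.pem" \
    -rkey "$WORK/ca.key" -reqin "$WORK/req.der" -respout "$2" -no_nonce -noverify >/dev/null 2>&1
}

# response_has_nonce FILE: succeeds when the DER contains the id-pkix-ocsp-nonce OID
# (1.3.6.1.5.5.7.48.1.2, encoded 06 09 2B 06 01 05 05 07 30 01 02). Such a response
# is bound to one request and must not be stapled.
response_has_nonce() {
  od -An -tx1 -v "$1" | tr -d ' \n' | grep -q '06092b0601050507300102'
}

# staple_check "<request flags>": prints stapleable or not-stapleable.
staple_check() {
  fetch_ocsp "$1" "$WORK/resp.der"
  if response_has_nonce "$WORK/resp.der"; then echo not-stapleable; else echo stapleable; fi
}

make_test_pki
staple_check -no_nonce   # prints: stapleable
staple_check ""          # prints: not-stapleable (nonce echoed back)
```

The response_has_nonce check is the gate a stapling script would apply before writing a nonce-requested response into the staple file: only responders that, like Let's Encrypt as described above, leave the nonce out of the response are safe to query with a nonce for stapling.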

@felixbuenemann felixbuenemann changed the title New Let's Encrypt certificates with OCSP Must Staple require request nonce Allow OCSP requests with nonce May 3, 2020