letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update divergences for mandatory POST-as-GET (#5564) 

We do not plan to turn on mandatory POST-as-GET in production
at any time in the immediate future. Update the "divergences" doc
to reflect this.
This commit is contained in:
Aaron Gable 2021-08-04 17:16:09 -07:00 committed by GitHub
parent b7ce627572
commit a216f348cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/acme-divergences.md
View File

@ -7,9 +7,10 @@ Presently, Boulder diverges from the RFC 8555 ACME spec in the following ways:
## [Section 6.3](https://tools.ietf.org/html/rfc8555#section-6.3)
We support POST-as-GET but do not yet mandate it. We
[plan to mandate](https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380)
POST-as-GET for all ACMEv2 requests in November 2020.
Boulder supports POST-as-GET but does not mandate it by default for requests
that simply fetch a resource (certificate, order, authorization, or challenge).
This behavior is configurable with a flag: Let's Encrypt's Staging environment
does mandate POST-as-GET, while the Production environment does not.
## [Section 6.6](https://tools.ietf.org/html/rfc8555#section-6.6)