From d5dd8feccd81da0b9e69aee87614e0bdbd760bf5 Mon Sep 17 00:00:00 2001
From: Herman Slatman <hermanslatman@hotmail.com>
Date: Fri, 28 Jul 2023 14:39:35 +0200
Subject: [PATCH] Prevent internal errors from being returned to ACME clients

---
 acme/errors.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/acme/errors.go b/acme/errors.go
index e5baf87a..59bd2e11 100644
--- a/acme/errors.go
+++ b/acme/errors.go
@@ -309,6 +309,12 @@ func (e *Error) AddSubproblems(subproblems ...Subproblem) *Error {
 // to the existing (default) ACME error detail, providing
 // more information to the ACME client.
 func (e *Error) WithAdditionalErrorDetail() *Error {
+	// prevent internal server errors from disclosing
+	// the internal error to the client.
+	if e.Status >= 500 {
+		return e
+	}
+
 	e.Detail = fmt.Sprintf("%s: %s", e.Detail, e.Err)
 	return e
 }