diff --git a/ra/ra.go b/ra/ra.go index c352a6176..69c0aee3f 100644 --- a/ra/ra.go +++ b/ra/ra.go @@ -1487,6 +1487,13 @@ func (ra *RegistrationAuthorityImpl) UpdateAuthorization(ctx context.Context, ba vaCtx := context.Background() go func(authz core.Authorization) { + // We will mutate challenges later in this goroutine to change status and + // add error, but we also return a copy of authz immediately. To avoid a + // data race, make a copy of the challenges slice here for mutation. + challenges := make([]core.Challenge, len(authz.Challenges)) + copy(challenges, authz.Challenges) + authz.Challenges = challenges + records, err := ra.VA.PerformValidation(vaCtx, authz.Identifier.Value, authz.Challenges[challengeIndex], authz) var prob *probs.ProblemDetails if p, ok := err.(*probs.ProblemDetails); ok { diff --git a/ra/ra_test.go b/ra/ra_test.go index 2f32698b6..c9015040c 100644 --- a/ra/ra_test.go +++ b/ra/ra_test.go @@ -950,17 +950,18 @@ func TestUpdateAuthorizationNewRPC(t *testing.T) { t.Fatal("Timed out waiting for DummyValidationAuthority.PerformValidation to complete") } - // Verify that returned authz same as DB - dbAuthz, err := sa.GetAuthorization(ctx, authz.ID) - test.AssertNotError(t, err, "Could not fetch authorization from database") - assertAuthzEqual(t, authz, dbAuthz) - // Verify that the VA got the authz, and it's the same as the others assertAuthzEqual(t, authz, vaAuthz) + // Sleep so the RA has a chance to write to the SA + time.Sleep(100 * time.Millisecond) + + dbAuthz, err := sa.GetAuthorization(ctx, authz.ID) + test.AssertNotError(t, err, "Could not fetch authorization from database") + // Verify that the responses are reflected test.Assert(t, len(vaAuthz.Challenges) > 0, "Authz passed to VA has no challenges") - test.Assert(t, authz.Challenges[ResponseIndex].Status == core.StatusValid, "challenge was not marked as valid") + test.Assert(t, dbAuthz.Challenges[ResponseIndex].Status == core.StatusValid, "challenge was not marked as valid") } func TestCertificateKeyNotEqualAccountKey(t *testing.T) {