Remove LockCol from issuedNames.

Also, limit size of reversedName column to 640.
Jacob Hoffman-Andrews 2015-09-30 16:34:13 -07:00
parent 2dec5c740a
commit 322da1f6a1
4 changed files with 13 additions and 7 deletions


@ -47,6 +47,14 @@ func NewPolicyAuthorityImpl(dbMap *gorp.DbMap, enforceWhitelist bool) (*PolicyAu
const maxLabels = 10
// DNS defines max label length as 63 characters. Some implementations allow
// more, but we will be conservative.
const maxLabelLength = 63
// This is based off maxLabels * maxLabelLength, but is also a restriction based
// on the max size of indexed storage in the issuedNames table.
const maxDNSIdentifierLength = 640
var dnsLabelRegexp = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9-]{0,62}$")
var punycodeRegexp = regexp.MustCompile("^xn--")
@ -143,9 +151,7 @@ func (pa PolicyAuthorityImpl) WillingToIssue(id core.AcmeIdentifier) error {
return SyntaxError{}
}
for _, label := range labels {
// DNS defines max label length as 63 characters. Some implementations allow
// more, but we will be conservative.
if len(label) < 1 || len(label) > 63 {
if len(label) < 1 || len(label) > maxLabelLength {
return SyntaxError{}
}


@ -4,10 +4,11 @@
CREATE TABLE `issuedNames` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`reversedName` VARCHAR(1024) NOT NULL,
-- DNS names are restricted to the ASCII character set.
-- 640 char limit is enforced in policy-authority.go.
`reversedName` VARCHAR(640) CHARACTER SET ascii NOT NULL,
`issued` DATETIME NOT NULL,
`serial` VARCHAR(255) NOT NULL,
`LockCol` bigint(20) NOT NULL,
PRIMARY KEY (`id`),
KEY `reversedName_issued_Idx` (`reversedName`, `issued`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
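Review bot: A database already created from the previous definition will not pick up these column changes, because the `CREATE TABLE` statement is edited in place rather than followed by an `ALTER TABLE` migration. Whether this file has been applied anywhere is not visible from the hunk. If it has, the deployed table keeps `LockCol bigint(20) NOT NULL` with no default, and inserts from the updated mapping, which no longer supplies that column, may be rejected under strict SQL mode. The old `VARCHAR(1024)` utf8 column would also stay in place, so the database itself would not enforce the 640 limit there. The new comment could also record why the column is narrowed, which judging by the Go comment in this commit is the index size, e.g. `-- ascii and 640 keep the (reversedName, issued) index within the storage engine's key length limit.`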


@ -142,7 +142,7 @@ func initTables(dbMap *gorp.DbMap) {
pendingAuthzTable.SetVersionCol("LockCol")
dbMap.AddTableWithName(authzModel{}, "authz").SetKeys(false, "ID")
dbMap.AddTableWithName(challModel{}, "challenges").SetKeys(true, "ID").SetVersionCol("LockCol")
dbMap.AddTableWithName(issuedNameModel{}, "issuedNames").SetKeys(true, "ID").SetVersionCol("LockCol")
dbMap.AddTableWithName(issuedNameModel{}, "issuedNames").SetKeys(true, "ID")
dbMap.AddTableWithName(core.Certificate{}, "certificates").SetKeys(false, "Serial")
dbMap.AddTableWithName(core.CertificateStatus{}, "certificateStatus").SetKeys(false, "Serial").SetVersionCol("LockCol")
dbMap.AddTableWithName(core.OCSPResponse{}, "ocspResponses").SetKeys(true, "ID")


@ -22,7 +22,6 @@ type issuedNameModel struct {
ReversedName string `db:"reversedName"`
Issued time.Time `db:"issued"`
Serial string `db:"serial"`
LockCol int64
}
// regModel is the description of a core.Registration in the database.