letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

va: Put most recent, not original, IP in error messages (add'l case) (#8028) 

Fix a remaining edge case after #7468: one call to `newIPError` did not
account for when we retry *successfully,* but then are served a redirect
which errors. In those cases, our `client.Do` call results in our
redirect handler `processRedirect` appending yet another validation
record to `records`, which was missed.

Fixes #7347
This commit is contained in:
James Renken 2025-03-04 11:35:16 -08:00 committed by GitHub
parent 28b49a82d4
commit 49ebc99e8e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
va/http.go
View File

@ -592,7 +592,7 @@ func (va *ValidationAuthorityImpl) processHTTPValidation(
// If the retry still failed there isn't anything more to do, return the
// error immediately.
if err != nil {
return nil, records, newIPError(retryRecord.AddressUsed, err)
return nil, records, newIPError(records[len(records)-1].AddressUsed, err)
}
} else if err != nil {
// if the error was not a fallbackErr then return immediately.