Use a more proper algorithm for testing validation completeness

Richard Barnes 2015-05-31 23:17:05 -04:00
parent 6b20a0a489
commit 8ea6de26b9
1 changed files with 18 additions and 6 deletions


@ -306,7 +306,7 @@ func (ra *RegistrationAuthorityImpl) RevokeCertificate(cert x509.Certificate) er
// AUDIT[ Revocation Requests ] 4e85d791-09c0-4ab3-a837-d3d67e945134 // AUDIT[ Revocation Requests ] 4e85d791-09c0-4ab3-a837-d3d67e945134
if err != nil { if err != nil {
ra.log.Audit(fmt.Sprintf("Revocation error - %s - %s", serialString, err)) ra.log.Audit(fmt.Sprintf("Revocation error - %s - %s", serialString, err))
return return err
} }
ra.log.Audit(fmt.Sprintf("Revocation - %s", serialString)) ra.log.Audit(fmt.Sprintf("Revocation - %s", serialString))
@ -314,12 +314,24 @@ func (ra *RegistrationAuthorityImpl) RevokeCertificate(cert x509.Certificate) er
} }
func (ra *RegistrationAuthorityImpl) OnValidationUpdate(authz core.Authorization) error { func (ra *RegistrationAuthorityImpl) OnValidationUpdate(authz core.Authorization) error {
// Check to see whether the updated validations are sufficient // Consider validation successful if any of the combinations
// Current policy is to accept if any validation succeeded // specified in the authorizatoin has been fulfilled
for _, val := range authz.Challenges { validated := map[int]bool{}
if val.Status == core.StatusValid { for i, ch := range authz.Challenges {
if ch.Status == core.StatusValid {
validated[i] = true
}
}
for _, combo := range authz.Combinations {
comboValid := true
for _, i := range combo {
if !validated[i] {
comboValid = false
break
}
}
if comboValid {
authz.Status = core.StatusValid authz.Status = core.StatusValid
break
} }
} }
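Review bot: An empty entry in `authz.Combinations` leaves `comboValid` true, because the inner loop over `combo` never runs, so the authorization would be set to `core.StatusValid` with no challenge validated. Whether such an entry can occur depends on where Combinations is populated, which is outside this hunk; a guard at the top of the outer loop, `if len(combo) == 0 { continue }`, makes the check fail closed either way. Out-of-range indices are already handled, since a missing key in the `validated` map reads as false. The new comment misspells "authorization" as `authorizatoin`. The body of OnValidationUpdate continues past the end of the hunk.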