Merge branch 'master' into must-staple

2016-01-27 23:28:00 -05:00 · 2016-01-27 23:28:00 -05:00 · d9fdfac666
parent 0afa843317 e23cf3991e
commit d9fdfac666
3 changed files with 10 additions and 3 deletions
--- a/bdns/mocks.go
+++ b/bdns/mocks.go
@ -99,6 +99,14 @@ func (mock *MockDNSResolver) LookupCAA(_ context.Context, domain string) ([]*dns
 		fallthrough
 	case "servfail.com":
 		return results, fmt.Errorf("SERVFAIL")
+	case "multi-crit-present.com":
+		record.Flag = 1
+		record.Tag = "issue"
+		record.Value = "symantec.com"
+		results = append(results, &record)
+		secondRecord := record
+		secondRecord.Value = "letsencrypt.org"
+		results = append(results, &secondRecord)
 	}
 	return results, nil
 }
--- a/va/validation-authority.go
+++ b/va/validation-authority.go
@ -658,9 +658,6 @@ func (va *ValidationAuthorityImpl) checkCAARecords(ctx context.Context, identifi
 			if caa.Value == va.IssuerDomain {
 				valid = true
 				return
-			} else if caa.Flag > 0 {
-				valid = false
-				return
 			}
 		}

--- a/va/validation-authority_test.go
+++ b/va/validation-authority_test.go
@ -679,6 +679,8 @@ func TestCAAChecking(t *testing.T) {
 		CAATest{"example.co.uk", false, true},
 		// Good (present)
 		CAATest{"present.com", true, true},
+		// Good (multiple critical, one matching)
+		CAATest{"multi-crit-present.com", true, true},
 	}

 	stats, _ := statsd.NewNoopClient()