This moves the RTT metrics calculation inside of the DNSResolver. This
cleans up code in the RA and VA and makes some adding retries to the
DNSResolver less ugly to do.
Note: this will put `Rate` and `RTT` after the name of DNS query
type (`A`, `MX`, etc.). I think that's fine and desirable. We aren't
using this data in alerts or many dashboards, yet, so a flag day is
okay.
Fixes#1124
Instead of returning a modified challenge, the validate methods now return a
slice of ValidationRecords and a ProblemDetails. These can then be assigned to
the relevant part of the challenge, and the challenge's status updated, in a
single place. This should help avoid errors where local modifications are made
to a challenge and then not returned.
Moves the DNS code from core to dns and renames the dns package to bdns
to be clearer.
Fixes#1260 and will be good to have while we add retries and such.
This fixes some mysterious breakages that Let's Encrypt users that also
used mod_security on their domains had.
There's some back and forth about whether the mod_security rule is wise,
but that's captured in a mod_security ticket linked from this PR's
ticket.
This patch is a one-line fix with no probable downside. We're not likely
to want to do many more things to satisfy misunderstandings around HTTP
but this seems fine to help our people out.
Fixes#1019.
This allows us to call the Google Safe Browsing calls through the VA.
If the RA config's boolean UseIsSafeDomain is true, the RA will make the RPC
call to the VA during its NewAuthorization.
If the VA config's GoogleSafeBrowsingConfig struct is not nil, the VA
will check the Google Safe Browsing API in
VA.IsSafeDomain. If the GoogleSafeBrowsingConfig struct is nil, it will
always return true.
In order to actually make requests, the VA's GoogleSafeBrowsingConfig
will need to have a directory on disk it can store the local GSB hashes
it will check first and a working Google API key for the GSB API.
Fixes#1058
also moves the first OCSP responses generation from the CA to the OCSP updater. This patch lays the
ground work for moving CT submission and adding CT backfill to the OCSP updater.
Jeff Hodges