boulder/wfe2
Samantha b141fa7c78
WFE: Correct Error Handling for Nonce Redemption RPCs with Unknown Prefixes (#7004)
Fix an issue related to the custom gRPC Picker implementation introduced
in #6618. When a nonce contained a prefix not associated with a known
backend, the Picker would continuously rebuild, re-resolve DNS, and
eventually throw a 500 "Server Error" at RPC timeout. The Picker now
promptly returns a 400 "Bad Nonce" error as expected; in response, the
requesting client should retry their request with a fresh nonce.

Additionally:
- WFE unit tests use derived nonces when `"BOULDER_CONFIG_DIR" ==
"test/config-next"`.
- `Balancer.Build()` in "noncebalancer" forces a rebuild until non-zero
backends are available. This matches the
[balancer/roundrobin](d524b40946/balancer/roundrobin/roundrobin.go (L49-L53))
implementation.
- Nonces with no matching backend increment "jose_errors" with label
`"type": "JWSInvalidNonce"` and "nonce_no_backend_found".
- Nonces of incorrect length are now rejected at the WFE and increment
"jose_errors" with label `"type": "JWSMalformedNonce"` instead of
`"type": "JWSInvalidNonce"`.
- Nonces not encoded as base64url are now rejected at the WFE and
increment "jose_errors" with label `"type": "JWSMalformedNonce"` instead
of `"type": "JWSInvalidNonce"`.

Fixes #6969
Part of #6974
2023-07-28 12:07:52 -04:00
test Fix various WFE2 bugs. (#3292) 2017-12-19 13:13:29 -08:00
README.md Duplicate WFE to WFE2. (#2839) 2017-07-05 13:32:45 -07:00
cache.go Add account cache to WFE (#5855) 2021-12-15 11:10:23 -08:00
cache_test.go Add account cache to WFE (#5855) 2021-12-15 11:10:23 -08:00
prod_aia.go Fixup staticcheck and stylecheck, and violations thereof (#5897) 2022-01-20 16:22:30 -08:00
stale.go Unwrap SA Get[Pre]Certificate methods (#5588) 2021-08-19 15:43:48 -07:00
stale_test.go GRPC: Unwrap ra.DeactivateAuthorization (#5567) 2021-08-12 11:30:57 -07:00
stats.go WFE: Correct Error Handling for Nonce Redemption RPCs with Unknown Prefixes (#7004) 2023-07-28 12:07:52 -04:00
test_aia.go Remove wfe1 integration tests (#5840) 2021-12-10 12:40:22 -08:00
verify.go WFE: Correct Error Handling for Nonce Redemption RPCs with Unknown Prefixes (#7004) 2023-07-28 12:07:52 -04:00
verify_test.go WFE: Correct Error Handling for Nonce Redemption RPCs with Unknown Prefixes (#7004) 2023-07-28 12:07:52 -04:00
wfe.go wfe: remove special "multiple certificates" error (#6983) 2023-07-11 09:53:16 -04:00
wfe_test.go WFE: Correct Error Handling for Nonce Redemption RPCs with Unknown Prefixes (#7004) 2023-07-28 12:07:52 -04:00

README.md

WFE v2

The wfe2 package is copied from the wfe package in order to implement the "ACME v2" API. This design choice was made to facilitate a clean separation between v1 and v2 code and to support running a separate API process on a different port alongside the v1 API process.