boulder

History

Daniel McCarney 4a6e34fc4e va: clean up DNS error handling for HTTP-01 challenges. (#4409 ) This PR changes the VA to return `dns` problem type for errors when performing HTTP-01 challenges for domains that have no IP addresses, or errors looking up the IP addresses. The `va.getAddrs` function is internal to the VA and can return `berrors.BoulderError`s with a DNS type when there is an error, allowing the calling code to convert this to a problem when required using an updated `detailedError` function. This avoids some clunky conversion the HTTP-01 code was doing that misrepresented DNS level errors as connection problems with a DNS detail message. In order to add an integration test for challenge validation that results in `getAddrs` DNS level errors the Boulder tools image had to be bumped to a tag that includes the latest `pebble-challtestsrv` that supports mocking SERVFAILs. It isn't possible to mock this case with internal IP addresses because our VA test configuration does not filter internal addresses to support the testing context. Additionally this branch removes the `UnknownHostProblem` from the `probs` package: 1. It isn't used anywhere after `532c210` 2. It's not a real RFC 8555 problem type. We should/do use the DNS type for this. Resolves https://github.com/letsencrypt/boulder/issues/4407	2019-08-28 15:47:35 -04:00
..
errors.go	va: clean up DNS error handling for HTTP-01 challenges. (#4409 )	2019-08-28 15:47:35 -04:00
errors_test.go	Implement suberrors & subproblems (#4227 )	2019-05-23 19:41:55 -07:00

va: clean up DNS error handling for HTTP-01 challenges. (#4409 )

This PR changes the VA to return `dns` problem type for errors when performing
HTTP-01 challenges for domains that have no IP addresses, or errors looking up
the IP addresses.

The `va.getAddrs` function is internal to the VA and can return
`berrors.BoulderError`s with a DNS type when there is an error, allowing the
calling code to convert this to a problem when required
using an updated `detailedError` function. This avoids some clunky conversion
the HTTP-01 code was doing that misrepresented DNS level errors as connection
problems with a DNS detail message.

In order to add an integration test for challenge validation that results in
`getAddrs` DNS level errors the Boulder tools image had to be bumped to a tag
that includes the latest `pebble-challtestsrv` that
supports mocking SERVFAILs. It isn't possible to mock this case with internal IP
addresses because our VA test configuration does not filter internal addresses
to support the testing context.

Additionally this branch removes the `UnknownHostProblem` from the `probs`
package:

1. It isn't used anywhere after 532c210
2. It's not a real RFC 8555 problem type. We should/do use the
   DNS type for this.

Resolves https://github.com/letsencrypt/boulder/issues/4407

2019-08-28 15:47:35 -04:00

errors.go va: clean up DNS error handling for HTTP-01 challenges. (#4409 ) 2019-08-28 15:47:35 -04:00

errors_test.go Implement suberrors & subproblems (#4227 ) 2019-05-23 19:41:55 -07:00