boulder

History

Jacob Hoffman-Andrews e198d3529d wfe: check well-formedness of requested names early (#7530 ) This allows us to give a user-meaningful error about malformed names early on, instead of propagating internal errors from the new rate limiting system. This moves the well-formedness logic from `WillingToIssue` into a new function `WellFormedDomainNames`, which calls `ValidDomain` on each name and combines the errors into suberrors if there is more than one. `WillingToIssue` now calls `WellFormedDomainNames` to keep the existing behavior. Additionally, WFE calls `WellFormedDomainNames` before checking rate limits. This creates a slight behavior change: If an order contains both malformed domain names and wellformed but blocked domain names, suberrors will only be generated for the malformed domain names. This is reflected in the changes to `TestWillingToIssue_Wildcard`. Adds a WFE test case for receiving malformed identifiers in a new-order request. Follows up on #3323 and #7218 Fixes #7526 Some small incidental fixes: - checkWildcardHostList was checking `pa.blocklist` for `nil` before accessing `pa.wildcardExactBlocklist`. Fix that. - move table test for WillingToIssue into a new test case for WellFormedDomainNames - move two standalone test cases into the big table test	2024-06-10 13:46:55 -07:00
..
pa.go	wfe: check well-formedness of requested names early (#7530 )	2024-06-10 13:46:55 -07:00
pa_test.go	wfe: check well-formedness of requested names early (#7530 )	2024-06-10 13:46:55 -07:00

Jacob Hoffman-Andrews e198d3529d

wfe: check well-formedness of requested names early (#7530 )

This allows us to give a user-meaningful error about malformed names
early on, instead of propagating internal errors from the new rate
limiting system.

This moves the well-formedness logic from `WillingToIssue` into a new
function `WellFormedDomainNames`, which calls `ValidDomain` on each name
and combines the errors into suberrors if there is more than one.
`WillingToIssue` now calls `WellFormedDomainNames` to keep the existing
behavior. Additionally, WFE calls `WellFormedDomainNames` before
checking rate limits.

This creates a slight behavior change: If an order contains both
malformed domain names and wellformed but blocked domain names,
suberrors will only be generated for the malformed domain names. This is
reflected in the changes to `TestWillingToIssue_Wildcard`.

Adds a WFE test case for receiving malformed identifiers in a new-order
request.

Follows up on #3323 and #7218

Fixes #7526

Some small incidental fixes:

- checkWildcardHostList was checking `pa.blocklist` for `nil` before
accessing `pa.wildcardExactBlocklist`. Fix that.
- move table test for WillingToIssue into a new test case for
WellFormedDomainNames
 - move two standalone test cases into the big table test

2024-06-10 13:46:55 -07:00

pa.go

wfe: check well-formedness of requested names early (#7530 )

2024-06-10 13:46:55 -07:00

pa_test.go

wfe: check well-formedness of requested names early (#7530 )

2024-06-10 13:46:55 -07:00