letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
boulder/test/config-next
History
Daniel McCarney ddfc620c44
va: exempt multi-va enforcement by domain/acct ID. (#4458) 
In order to move multi perspective validation forward we need to support policy
in Boulder configuration that can relax multi-va requirements temporarily.

A similar mechanism was used in support of the gradual deprecation of the
TLS-SNI-01 challenge type and with the introduction of CAA enforcement and has
shown to be a helpful tool to have available when introducing changes that are
expected to break sites.

When the VA "multiVAPolicyFile" is specified it is assumed to be a YAML file
containing two lists:

1. disabledNames - a list of domain names that are exempt from multi VA
   enforcement.
2. disabledAccounts - a list of account IDs that are exempt from multi VA
   enforcement.

When a hostname or account ID is added to the policy we'll begin communication
with the related ACME account contact to establish that this is a temporary
measure and the root problem will need to be addressed before an eventual
cut-off date.

Resolves https://github.com/letsencrypt/boulder/issues/4455
 		2019-10-07 16:43:11 -04:00
..
admin-revoker.json admin-revoker: use authz2 SA revocation RPC. (#4182) 2019-05-02 14:55:43 -04:00
akamai-purger.json Reduce akamai purger interval in integration tests (#4277) 2019-06-20 16:31:44 -04:00
ca-a.json orphan-finder: add OCSP generation (#4457) 2019-10-07 14:40:36 -04:00
ca-b.json Generate and store OCSP at precertificate signing time (#4420) 2019-09-09 12:21:20 -07:00
cert-checker.json cert-checker: allow ignoring lints by name. (#4272) 2019-06-20 13:09:10 -04:00
contact-exporter.json notify-mailer/contact-exporter bug fixes & documentation (#2016) 2016-07-06 14:15:22 -04:00
expiration-mailer.json Update gRPC (#3817) 2018-08-20 10:55:42 -04:00
janitor.json boulder-janitor: Calculate expiry cutoff in code rather than th… (#4439) 2019-09-23 12:33:54 -07:00
nonce.json Switch to more efficient multi nonce-service design (#4308) 2019-06-28 12:58:46 -04:00
notify-mailer.json notify-mailer/contact-exporter bug fixes & documentation (#2016) 2016-07-06 14:15:22 -04:00
ocsp-responder.json Add timeout to ocsp-responder (#3892) 2018-10-22 09:20:08 -04:00
ocsp-updater.json ocsp-updater: fix generateResponse for precerts w/o certs (#4468) 2019-10-07 13:11:31 -04:00
orphan-finder.json orphan-finder: add OCSP generation (#4457) 2019-10-07 14:40:36 -04:00
publisher.json Excise grpc maxConcurrentStreams configuration (#4257) 2019-06-12 09:35:24 -04:00
ra.json Support admin. blocking public keys. (#4419) 2019-09-06 16:54:26 -04:00
sa.json SA: Delete unused challenges (#4353) 2019-07-26 14:04:46 -04:00
va-remote-a.json test: update test/config with deployed configs. (#4396) 2019-08-09 12:08:56 -04:00
va-remote-b.json test: update test/config with deployed configs. (#4396) 2019-08-09 12:08:56 -04:00
va.json va: exempt multi-va enforcement by domain/acct ID. (#4458) 2019-10-07 16:43:11 -04:00
wfe.json Strip default scheme ports from Host headers (#4448) 2019-09-27 16:14:40 -07:00
wfe2.json Strip default scheme ports from Host headers (#4448) 2019-09-27 16:14:40 -07:00