Tags: moderntld/boulder
Continue work on more SMTP errors (letsencrypt#4039)

Instead of just on 401. Pulled the various error codes from a handful of SMTP docs I could find; they could probably use a second once-over by others though.
RA: fix valid authz reuse control for V2 newOrder. (letsencrypt#4027)

Before fixing `ra.NewOrder` the `TestNewOrderAuthzReuseDisabled` test from this branch fails as expected based on letsencrypt#4026:
```
=== RUN TestNewOrderAuthzReuseDisabled
--- FAIL: TestNewOrderAuthzReuseDisabled (0.24s)
ra_test.go:2477: "reused-valid-authz" == "reused-valid-authz"
FAIL
FAIL github.com/letsencrypt/boulder/ra 0.270s
```
Afterwards it passes:
```
=== RUN TestNewOrderAuthzReuseDisabled
--- PASS: TestNewOrderAuthzReuseDisabled (0.26s)
PASS
ok github.com/letsencrypt/boulder/ra 1.291s
```
VA: Rework SimplifiedVAHTTP for pre-resolved dials. (letsencrypt#4016)

The URL construction approach we were previously using for the refactored VA HTTP-01 validation code was nice but broke SNI for HTTP->HTTPS redirects. In order to preserve this functionality we need to use a custom `DialContext` handler on the HTTP Transport that overrides the target host to use a pre-resolved IP.

Resolves letsencrypt#3969
Shrink byte size of WFE request logs. (letsencrypt#3997)

- Log the simple, non-whitespace-containing fields as positional parameters to avoid the JSON overhead for them.
- Log latency in milliseconds rather than seconds (saves "0.").
- Hoist some fields from the "Extra" sub-object and give them shorter names. This saves the bytes for rendering the "Extra" field plus the bytes for the longer names.

Example output from integration tests:

Before (1687 bytes):
```
I205230 boulder-wfe JSON={"Endpoint":"/directory","Method":"GET","UserAgent":"Boulder integration tester","Latency":0.001,"Code":0}
I205230 boulder-wfe JSON={"Endpoint":"/acme/new-reg","Method":"HEAD","Error":"405 :: malformed :: Method not allowed","UserAgent":"Boulder integration tester","Latency":0,"Code":405}
I205230 boulder-wfe JSON={"Endpoint":"/acme/new-reg","Method":"POST","Requester":611,"Contacts":[],"UserAgent":"Boulder integration tester","Latency":0.025,"Code":201,"Payload":"{\n \"resource\": \"new-reg\"\n}"}
I205230 boulder-wfe JSON={"Endpoint":"/acme/reg/","Slug":"611","Method":"POST","Requester":611,"Contacts":[],"UserAgent":"Boulder integration tester","Latency":0.021,"Code":202,"Payload":"{\n \"status\": \"valid\", \n \"resource\": \"reg\", \n \"agreement\": \"http://boulder:4000/terms/v1\", \n \"key\": {\n \"e\": \"AQAB\", \n \"kty\": \"RSA\", \n \"n\": \"r1zCJC8Muw5K8ti-pjojivHxyNxOZye-N5aX_i7kBiHrAOp9qxgQUHUyU3COCjFPrSzScTpKoIyCwdL7x-1mPX3pby7CzGugtY9da_LZkDmsDE8LIuQkZ_wRLyh1103OQZEd71AlddMx1iwLLVl4UTICoJFUfYvXHvkqmsE5xhBPJhl-SdSrJM6F7Kn7k0WycA5ig_QPbjVbzJlQq-C65iGDJtc_LvY0FFF4exThZM7xsvucJywJMHCEWZUktm9YB-CBNA1gVbL52u22jQpX-MN52UVdqSh9ZipoJLtxKjZx31DHB_bcdgtJ8YGIE4lY_ZAax1Ut-a5WTJvVq2Hk8w\"\n }\n}"}
I205230 boulder-wfe JSON={"Endpoint":"/acme/new-authz","Method":"POST","Requester":611,"Contacts":[],"UserAgent":"Boulder integration tester","Latency":0.031,"Code":201,"Payload":"{\n \"identifier\": {\n \"type\": \"dns\", \n \"value\": \"rand.18fe4d73.xyz\"\n }, \n \"resource\": \"new-authz\"\n}","Extra":{"AuthzID":"PgF1JQ3TK6c1FR0wVdm_mYows_xWSsyYgyezSvSNI-0","Identifier":{"type":"dns","value":"rand.18fe4d73.xyz"}}}
```

After (1406 bytes):
```
I210117 boulder-wfe GET /directory 0 0 0 0.0.0.0 JSON={"ua":"Boulder integration tester"}
I210117 boulder-wfe HEAD /acme/new-reg 0 405 0 0.0.0.0 JSON={"Error":"405 :: malformed :: Method not allowed","ua":"Boulder integration tester"}
I210117 boulder-wfe POST /acme/new-reg 676 201 23 0.0.0.0 JSON={"Contacts":[],"ua":"Boulder integration tester","Payload":"{\n \"resource\": \"new-reg\"\n}"}
I210117 boulder-wfe POST /acme/reg/ 676 202 23 0.0.0.0 JSON={"Slug":"676","Contacts":[],"ua":"Boulder integration tester","Payload":"{\n \"status\": \"valid\", \n \"resource\": \"reg\", \n \"agreement\": \"http://boulder:4000/terms/v1\", \n \"key\": {\n \"e\": \"AQAB\", \n \"kty\": \"RSA\", \n \"n\": \"zXSFAzdzwwFGjNysmG0YE7MxAwQ8JkkvLQ7Qs7xB1h5kFM_F-W2jxYEmrRTrA0ylfuzb4RQMBrsLfv0XV8rsDIuP_t92ADBjfd25ajuuia9EGrhpHitFimEUlZjsqGQp8F49xLhDMAqm1SLBY_k1pY8TKSLHeyOyLYIKLaL3Ra9yZ63qB65oGuNhXroKqqx7nUjyZtqtUV5NUPvPgvhJgXgYKMjck3jXWgr4ZGqYyJQqNqydYSk3uJGfruChakZThwl3vbH8aUPaeoXcvPA8KaQl56JUf7jAVY3n9qKKb5mgT96vDKWUpJaI5YE1rMZIJfkaFK-ZZIhFeeKCSsSJlQ\"\n }\n}"}
I210117 boulder-wfe POST /acme/new-authz 676 201 35 0.0.0.0 JSON={"Contacts":[],"ua":"Boulder integration tester","Payload":"{\n \"identifier\": {\n \"type\": \"dns\", \n \"value\": \"rand.14ebdfd1.xyz\"\n }, \n \"resource\": \"new-authz\"\n}","Created":"Z-soxIEhsGlMK3GYyDqYrSlxDFEeH6q3mrd6aoi2iIs","DNSName":"rand.14ebdfd1.xyz"}
```
wfe2: Return Status 200 for HEAD to new-nonce endpoint. (letsencrypt#3992)

Previously we mistakenly returned status 204 (no content) for all requests to new-nonce, including HEAD. This status should only be used for GET requests. When the `HeadNonceStatusOK` feature flag is enabled we will now return the correct status for HEAD requests. When the flag is disabled we return status 204 to preserve backwards compatibility.