rolandshoemaker
commented
7 years ago I think the easiest way to implement this would be to hold an in-memory map of authorization IDs that are currently being validated.
Open rolandshoemaker opened 7 years ago
rolandshoemaker
commented
7 years ago I think the easiest way to implement this would be to hold an in-memory map of authorization IDs that are currently being validated.
rolandshoemaker
commented
7 years ago 
jsha
commented
7 years ago This only works if you assume there's only ever one RA. I think a more robust approach would be for the RA to update the database to set the status of the challenge to "validating" before making a validation attempt, and refuse to re-attempt validation for stuff that's already validating.
rolandshoemaker
commented
7 years ago Ah yup, good point. I was trying to avoid having to actually touch the database but that looks like it's the only real solution that supports a multi-RA deployment 😕.
aarongable
commented
1 year ago I don't believe that parallel validations will cause 500s anymore, because we do validation in the background. If a client makes two requests to validate the same challenge in rapid succession, we will kick off two goroutines to do those checks. Presumably both checks will succeed, so we'll make two requests to the SA's FinalizeAuthorization2 method. One will succeed, the other will fail due to the "WHERE status = pending" clause. The failure will be audit logged but not result in a 500.
So I'm not sure it's worth expending effort on this anymore?
Since it'll trigger parallel challenge/authorization updates which can cause 500's because of gorp optimistic locking errors.