This allows us to give a user-meaningful error about malformed names early on, instead of propagating internal errors from the new rate limiting system.
This moves the well-formedness logic from WillingToIssue into a new function WellFormedDomainNames, which calls ValidDomain on each name and combines the errors into suberrors if there is more than one. WillingToIssue now calls WellFormedDomainNames to keep the existing behavior. Additionally, WFE calls WellFormedDomainNames before checking rate limits.
This creates a slight behavior change: If an order contains both malformed domain names and wellformed but blocked domain names, suberrors will only be generated for the malformed domain names. This is reflected in the changes to TestWillingToIssue_Wildcard.
Adds a WFE test case for receiving malformed identifiers in a new-order request.
Follows up on #3323 and #7218
Fixes #7526
Some small incidental fixes:
checkWildcardHostList was checking pa.blocklist for nil before accessing pa.wildcardExactBlocklist. Fix that.
move table test for WillingToIssue into a new test case for WellFormedDomainNames
move two standalone test cases into the big table test
Spurious test failure from govulncheck because there's a security release of Go (1.22.4) and (I think) GitHub's concept of the "latest" Go version hasn't updated yet.
This allows us to give a user-meaningful error about malformed names early on, instead of propagating internal errors from the new rate limiting system.
This moves the well-formedness logic from
WillingToIssue
into a new functionWellFormedDomainNames
, which callsValidDomain
on each name and combines the errors into suberrors if there is more than one.WillingToIssue
now callsWellFormedDomainNames
to keep the existing behavior. Additionally, WFE callsWellFormedDomainNames
before checking rate limits.This creates a slight behavior change: If an order contains both malformed domain names and wellformed but blocked domain names, suberrors will only be generated for the malformed domain names. This is reflected in the changes to
TestWillingToIssue_Wildcard
.Adds a WFE test case for receiving malformed identifiers in a new-order request.
Follows up on #3323 and #7218
Fixes #7526
Some small incidental fixes:
pa.blocklist
fornil
before accessingpa.wildcardExactBlocklist
. Fix that.