
ra: Add IdentifierTypes to profiles #8154

Merged
merged 14 commits into from
May 16, 2025
jprenken (Contributor) commented May 3, 2025

Add IdentifierTypes to validation profiles' config, defaulting to DNS if not set.

In NewOrder, check that the order's profile permits each identifier's type.

Fixes #8137
Depends on #8173
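
The check described above, sketched in Go as an added illustration (not the project's code). The `Profile`, `Identifier` and `CheckOrder` names, the sample profile names, and the rejection of unknown profiles are assumptions made for this example.

```go
package main

import "fmt"

// Hypothetical types for illustration; not the project's own definitions.
type Identifier struct{ Type, Value string }

// An empty IdentifierTypes list means the field was not set in config.
type Profile struct{ IdentifierTypes []string }

// allowed returns the permitted types, defaulting to DNS only when unset.
func (p Profile) allowed() map[string]bool {
	types := p.IdentifierTypes
	if len(types) == 0 {
		types = []string{"dns"}
	}
	set := make(map[string]bool, len(types))
	for _, t := range types {
		set[t] = true
	}
	return set
}

// CheckOrder rejects the whole order if any identifier's type is not permitted.
func CheckOrder(profiles map[string]Profile, name string, idents []Identifier) error {
	p, ok := profiles[name]
	if !ok {
		// Assumption: an unknown profile name is an error, not a fallback.
		return fmt.Errorf("unknown profile %q", name)
	}
	allowed := p.allowed()
	for _, id := range idents {
		if !allowed[id.Type] {
			return fmt.Errorf("profile %q does not permit %q identifiers (%s)", name, id.Type, id.Value)
		}
	}
	return nil
}

// Constructed sample config: "classic" leaves IdentifierTypes unset.
var sampleProfiles = map[string]Profile{
	"classic":    {},
	"shortlived": {IdentifierTypes: []string{"dns", "ip"}},
}

func main() {
	order := []Identifier{{"dns", "example.com"}, {"ip", "192.0.2.1"}}
	fmt.Println(CheckOrder(sampleProfiles, "classic", order))    // rejected: ip not permitted
	fmt.Println(CheckOrder(sampleProfiles, "shortlived", order)) // <nil>
}
```

Because the unset case resolves to DNS only, a profile that predates the new field keeps rejecting IP address identifiers until an operator lists them explicitly.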

jprenken marked this pull request as ready for review May 14, 2025 22:53
jprenken requested a review from a team as a code owner May 14, 2025 22:53
jprenken requested a review from beautifulentropy May 14, 2025 22:53
@jprenken, this PR appears to contain configuration and/or SQL schema changes. Please ensure that a corresponding deployment ticket has been filed with the new values.

jprenken requested a review from aarongable May 14, 2025 22:53
aarongable previously approved these changes May 15, 2025
aarongable requested a review from jsha May 16, 2025 18:50
jprenken merged commit 6003383 into main May 16, 2025
14 checks passed
jprenken deleted the profile-based-ips branch May 16, 2025 20:57

jprenken (Contributor Author) commented:

Deployment ticket is IN-11341.

jprenken added a commit that referenced this pull request May 27, 2025
Permit all valid identifier types in `wfe.NewOrder` and `csr.VerifyCSR`.

Permit certs with just IP address identifiers to skip
`sa.addIssuedNames`.

Check that URI SANs are empty in `csr.VerifyCSR`, which was previously
missed.

Use a real (Let's Encrypt) IP address range in integration testing, to
let challtestsrv satisfy IP address challenges.

Fixes #8192
Depends on #8154
Successfully merging this pull request may close these issues.

Teach the RA to reject ipAddress orders unless they specify the short-lived profile