Remove fqdn restriction from wfe2 DirectoryCAAIdentity config (#76)

Let's Encrypt added validation on this field in their b2224eb4b commit from 2023-03-21, but this seems unnecessarily strict when looking at the CAA rfc. It's a problem for LabCA users only using one top level domain, e.g. 'home'.
2026-01-27 10:19:34 +00:00 · 2023-07-01 14:24:15 +02:00
parent 2a518ae03a
commit e3e0767303
2 changed files with 14 additions and 0 deletions
--- a/patch.sh
+++ b/patch.sh
@@ -51,6 +51,7 @@ if [ "$SUDO" == "" ]; then
 fi
 $SUDO patch -p1 < $cloneDir/patches/storer_storer.patch
 $SUDO patch -p1 < $cloneDir/patches/updater_updater.patch
+$SUDO patch -p1 < $cloneDir/patches/wfe2_main.patch

 sed -i -e "s|./test|./labca|" start.py

--- a/patches/wfe2_main.patch
+++ b/patches/wfe2_main.patch
@@ -0,0 +1,13 @@
+diff --git a/cmd/boulder-wfe2/main.go b/cmd/boulder-wfe2/main.go
+index 9ea4b47ab..9beca8778 100644
+--- a/cmd/boulder-wfe2/main.go
+++ b/cmd/boulder-wfe2/main.go
+@@ -104,7 +104,7 @@ type Config struct {
+ 		// DirectoryCAAIdentity is used for the /directory response's "meta"
+ 		// element's "caaIdentities" field. It should match the VA's "issuerDomain"
+ 		// configuration value (this value is the one used to enforce CAA)
+-		DirectoryCAAIdentity string `validate:"required,fqdn"`
+		DirectoryCAAIdentity string `validate:"required"`
+ 		// DirectoryWebsite is used for the /directory response's "meta" element's
+ 		// "website" field.
+ 		DirectoryWebsite string `validate:"required,url"`