github-personal/labca
1
0
Fork 0
mirror of https://github.com/outbackdingo/labca.git synced 2026-01-27 10:19:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0febdd24e622697a0e7bc3336fc12fe39059f541
labca/patches/wfe2_main.patch
Arjan H 0febdd24e6 Bump boulder version to release-2025-05-27
2025-05-31 12:29:07 +02:00

75 lines
2.9 KiB
Diff
Raw Blame History

diff --git a/cmd/boulder-wfe2/main.go b/cmd/boulder-wfe2/main.go
index 1f33c4746..1b0ad2ddb 100644
--- a/cmd/boulder-wfe2/main.go
+++ b/cmd/boulder-wfe2/main.go
@@ -12,14 +12,17 @@ import (
"github.com/letsencrypt/boulder/cmd"
"github.com/letsencrypt/boulder/config"
+ "github.com/letsencrypt/boulder/core"
emailpb "github.com/letsencrypt/boulder/email/proto"
"github.com/letsencrypt/boulder/features"
"github.com/letsencrypt/boulder/goodkey"
"github.com/letsencrypt/boulder/goodkey/sagoodkey"
bgrpc "github.com/letsencrypt/boulder/grpc"
"github.com/letsencrypt/boulder/grpc/noncebalancer"
+ "github.com/letsencrypt/boulder/identifier"
"github.com/letsencrypt/boulder/issuance"
"github.com/letsencrypt/boulder/nonce"
+ "github.com/letsencrypt/boulder/policy"
rapb "github.com/letsencrypt/boulder/ra/proto"
"github.com/letsencrypt/boulder/ratelimits"
bredis "github.com/letsencrypt/boulder/redis"
@@ -99,7 +102,7 @@ type Config struct {
// DirectoryCAAIdentity is used for the /directory response's "meta"
// element's "caaIdentities" field. It should match the VA's "issuerDomain"
// configuration value (this value is the one used to enforce CAA)
- DirectoryCAAIdentity string `validate:"required,fqdn"`
+ DirectoryCAAIdentity string `validate:"required"`
// DirectoryWebsite is used for the /directory response's "meta" element's
// "website" field.
DirectoryWebsite string `validate:"required,url"`
@@ -175,6 +178,8 @@ type Config struct {
// to enable the pausing feature.
URL string `validate:"omitempty,required_with=HMACKey JWTLifetime,url,startswith=https://,endsnotwith=/"`
}
+
+ cmd.HostnamePolicyConfig
}
Syslog cmd.SyslogConfig
@@ -315,11 +320,25 @@ func main() {
var limiter *ratelimits.Limiter
var txnBuilder *ratelimits.TransactionBuilder
var limiterRedis *bredis.Ring
+ var pa *policy.AuthorityImpl
if c.WFE.Limiter.Defaults != "" {
// Setup rate limiting.
limiterRedis, err = bredis.NewRingFromConfig(*c.WFE.Limiter.Redis, stats, logger)
cmd.FailOnError(err, "Failed to create Redis ring")
+ // Set Policy Authority for ratelimits
+ pa, err = policy.New(
+ map[identifier.IdentifierType]bool{identifier.TypeDNS: true, identifier.TypeIP: true},
+ map[core.AcmeChallenge]bool{},
+ logger)
+ cmd.FailOnError(err, "Couldn't create PA")
+ if c.WFE.HostnamePolicyFile == "" {
+ cmd.Fail("HostnamePolicyFile must be provided.")
+ }
+ err = pa.LoadHostnamePolicyFile(c.WFE.HostnamePolicyFile)
+ cmd.FailOnError(err, "Couldn't load hostname policy file")
+ ratelimits.PA = pa
+
source := ratelimits.NewRedisSource(limiterRedis.Ring, clk, stats)
limiter, err = ratelimits.NewLimiter(clk, source, stats)
cmd.FailOnError(err, "Failed to create rate limiter")
@@ -359,6 +378,7 @@ func main() {
unpauseSigner,
c.WFE.Unpause.JWTLifetime.Duration,
c.WFE.Unpause.URL,
+ pa,
)
cmd.FailOnError(err, "Unable to create WFE")
Reference in New Issue View Git Blame Copy Permalink