github-personal/labca
1
0
Fork 0
mirror of https://github.com/outbackdingo/labca.git synced 2026-01-27 10:19:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
99b7138ecbc30e3994a772fe6d52a52eea272e78
labca/patches/wfe2_main.patch
Arjan H 407a08a1a3 Bump boulder version to release-2025-03-10
2025-03-13 21:20:26 +01:00

70 lines
2.7 KiB
Diff
Raw Blame History

diff --git a/cmd/boulder-wfe2/main.go b/cmd/boulder-wfe2/main.go
index 1f33c4746..65b670e96 100644
--- a/cmd/boulder-wfe2/main.go
+++ b/cmd/boulder-wfe2/main.go
@@ -12,6 +12,7 @@ import (
"github.com/letsencrypt/boulder/cmd"
"github.com/letsencrypt/boulder/config"
+ "github.com/letsencrypt/boulder/core"
emailpb "github.com/letsencrypt/boulder/email/proto"
"github.com/letsencrypt/boulder/features"
"github.com/letsencrypt/boulder/goodkey"
@@ -20,6 +21,7 @@ import (
"github.com/letsencrypt/boulder/grpc/noncebalancer"
"github.com/letsencrypt/boulder/issuance"
"github.com/letsencrypt/boulder/nonce"
+ "github.com/letsencrypt/boulder/policy"
rapb "github.com/letsencrypt/boulder/ra/proto"
"github.com/letsencrypt/boulder/ratelimits"
bredis "github.com/letsencrypt/boulder/redis"
@@ -99,7 +101,7 @@ type Config struct {
// DirectoryCAAIdentity is used for the /directory response's "meta"
// element's "caaIdentities" field. It should match the VA's "issuerDomain"
// configuration value (this value is the one used to enforce CAA)
- DirectoryCAAIdentity string `validate:"required,fqdn"`
+ DirectoryCAAIdentity string `validate:"required"`
// DirectoryWebsite is used for the /directory response's "meta" element's
// "website" field.
DirectoryWebsite string `validate:"required,url"`
@@ -175,6 +177,8 @@ type Config struct {
// to enable the pausing feature.
URL string `validate:"omitempty,required_with=HMACKey JWTLifetime,url,startswith=https://,endsnotwith=/"`
}
+
+ cmd.HostnamePolicyConfig
}
Syslog cmd.SyslogConfig
@@ -315,11 +319,22 @@ func main() {
var limiter *ratelimits.Limiter
var txnBuilder *ratelimits.TransactionBuilder
var limiterRedis *bredis.Ring
+ var pa *policy.AuthorityImpl
if c.WFE.Limiter.Defaults != "" {
// Setup rate limiting.
limiterRedis, err = bredis.NewRingFromConfig(*c.WFE.Limiter.Redis, stats, logger)
cmd.FailOnError(err, "Failed to create Redis ring")
+ // Set Policy Authority for ratelimits
+ pa, err = policy.New(map[core.AcmeChallenge]bool{}, logger)
+ cmd.FailOnError(err, "Couldn't create PA")
+ if c.WFE.HostnamePolicyFile == "" {
+ cmd.Fail("HostnamePolicyFile must be provided.")
+ }
+ err = pa.LoadHostnamePolicyFile(c.WFE.HostnamePolicyFile)
+ cmd.FailOnError(err, "Couldn't load hostname policy file")
+ ratelimits.PA = pa
+
source := ratelimits.NewRedisSource(limiterRedis.Ring, clk, stats)
limiter, err = ratelimits.NewLimiter(clk, source, stats)
cmd.FailOnError(err, "Failed to create rate limiter")
@@ -359,6 +374,7 @@ func main() {
unpauseSigner,
c.WFE.Unpause.JWTLifetime.Duration,
c.WFE.Unpause.URL,
+ pa,
)
cmd.FailOnError(err, "Unable to create WFE")
Reference in New Issue View Git Blame Copy Permalink