Boulder: Implement wildcard validation

Created on 17 Jul 2017  路  1Comment  路  Source: letsencrypt/boulder

When presented with a CSR which contains a wildcard DNS name the RA should strip the leading wildcard label and create an authorization for the base domain instead.

policy/AuthorityImpl.ChallengesFor will need to have it's interface changed in order to be able either be told the identifier is a substitute for a wildcard or provide a way to restrict which challenges are returned (so that we can get only a core.ChallengeTypeDNS01). Another option is that we just don't bother calling policy/AuthorityImpl.ChallengesFor and manually create the challenges list at the call site but this seems like it could lead to issues down the road possibly?

arera areva layeapi

Most helpful comment

>All comments

Was this page helpful?
0 / 5 - 0 ratings