Sending a newOrder of
{"Identifiers":[{"Type":"dns","Value":"letsencrypt.org"},{"Type":"dns","Value":"invalid!"},{"Type":"dns","Value":"invalid.notatld"}]}
Gives back a top level problem with subproblems like:
{
"type": "urn:ietf:params:acme:error:rejectedIdentifier",
"detail": "Error creating new order :: Cannot issue for \"letsencrypt.org\": Invalid character in DNS name (and 1 more problems. Refer to sub-problems for more information.)",
"status": 400,
"subproblems": [
<snipped>
]
}
The top level problem detail should indicate either invalid! or invalid.notatld, not letsencrypt.org.
This appears to be pointer funkiness: https://github.com/letsencrypt/boulder/blob/88992e3f0d50403e4c94c95c38d6b3dd172319e3/policy/pa.go#L328-L333
Pretty sure the firstBadIdent will always be set to the last value in idents because the thing at the pointer for ident gets changed with each iteration of the loop.
Yep, good catch. I think I've seen this reported by the compiler as "loop variable escapes," but only in the context of goroutines. There's also a blog post about this gotcha: https://www.evanjones.ca/go-gotcha-loop-variables.html
Most helpful comment
This appears to be pointer funkiness: https://github.com/letsencrypt/boulder/blob/88992e3f0d50403e4c94c95c38d6b3dd172319e3/policy/pa.go#L328-L333
Pretty sure the
firstBadIdentwill always be set to the last value inidentsbecause the thing at the pointer foridentgets changed with each iteration of the loop.