Add verifier for CAA records #30

Open
kelunik opened this issue Jan 24, 2018 · 2 comments
Owner

kelunik commented Jan 24, 2018

CAA records are now enforced and issue attempts which are blocked due to CAA give an unhelpful error message currently. A CAA validator should be added to catch such errors early and provide helpful error messages.

cpu commented Jan 24, 2018

@kelunik The idea of validating CAA ahead of time is a good idea 👍. I also wanted to mention that when you POST an authorization's challenge and it fails because of a CAA record that doesn't allow issuance, you should get back a problem document in the response that has a clear detail message that can be echoed to the user. Something like "CAA record for example.com prevents issuance".

Owner Author

kelunik commented Jan 24, 2018

Wasn't sure what ACME currently reports, but a self-verify like for challenges can be useful anyway.
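
A sketch of the pre-flight CAA check discussed in this issue, added here as an illustration; it is not code from this project. It applies the RFC 8659 rules (climb toward the root for the relevant record set, `issue` versus `issuewild`, the issuer-critical flag) to a constructed in-memory zone instead of live DNS; the CA identifiers `ca.example` and `otherca.example` and all function names are assumptions.

```python
# Constructed sample data (not real DNS): owner name -> CAA records as (flags, tag, value).
ZONE = {
    "example.com": [(0, "issue", "ca.example"), (0, "iodef", "mailto:sec@example.com")],
    "locked.example.com": [(0, "issue", ";")],
    "wild.example.net": [(0, "issue", "ca.example"), (0, "issuewild", "otherca.example")],
    "crit.example.org": [(128, "futuretag", "x")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # tags this checker understands


def relevant_rrset(name, lookup):
    """Climb from name toward the root; the first non-empty CAA RRset applies (RFC 8659)."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        rrset = lookup(owner)
        if rrset:
            return owner, rrset
    return None, []


def issuer_domain(value):
    """Strip optional ';'-separated parameters; a bare ';' yields '' (no CA allowed)."""
    return value.split(";", 1)[0].strip().lower()


def check_caa(domain, ca, lookup=ZONE.get):
    """Return (allowed, message) for issuing `domain` by the CA identified as `ca`."""
    wildcard = domain.startswith("*.")
    owner, rrset = relevant_rrset(domain[2:] if wildcard else domain, lookup)
    if not rrset:
        return True, f"no CAA records restrict {domain}"
    for flags, tag, _ in rrset:
        # Issuer-critical bit (128) on a tag we do not understand forbids issuance.
        if flags & 128 and tag.lower() not in KNOWN_TAGS:
            return False, f"CAA record for {owner} has unknown critical tag '{tag}'"
    by_tag = {t: [v for _, tag, v in rrset if tag.lower() == t] for t in ("issue", "issuewild")}
    # issuewild only applies to wildcard names, where it takes precedence over issue.
    props = by_tag["issuewild"] if wildcard and by_tag["issuewild"] else by_tag["issue"]
    if not props or ca.lower() in {issuer_domain(v) for v in props}:
        return True, f"CAA at {owner} permits issuance of {domain} by {ca}"
    return False, f"CAA record for {owner} prevents issuance of {domain} by {ca}"
```

In a client, `lookup` would be replaced by a resolver query for the CAA RRset of each candidate name, and the check would run before the challenge is POSTed so the message can be shown to the user up front.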
