
Allow validation_dns_servers to be a list of hostnames
Closed, Resolved · Public

Description

Right now, setting up validation_dns_servers with hostnames instead of IPs makes certcentral crash:

Traceback (most recent call last):
  File "/Users/vgutierrez/.virtualenvs/certcentral/lib/python3.7/site-packages/mock/mock.py", line 1305, in patched
    return func(*args, **keywargs)
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/tests/test_certcentral.py", line 931, in test_issue_new_certificate_dns01
    status = cert_central._new_certificate(cert_id, key_type_id)
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/certcentral/certcentral.py", line 428, in _new_certificate
    status = self._handle_pushed_csr(cert_id, key_type_id)
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/certcentral/certcentral.py", line 471, in _handle_pushed_csr
    if challenge.validate(**validation_params) is not ACMEChallengeValidation.VALID:
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/certcentral/acme_requests.py", line 111, in validate
    answer = resolver.query(self.validation_domain_name, rdtype='TXT')
  File "/Users/vgutierrez/.virtualenvs/certcentral/lib/python3.7/site-packages/dns/resolver.py", line 962, in query
    source_port=source_port)
  File "/Users/vgutierrez/.virtualenvs/certcentral/lib/python3.7/site-packages/dns/query.py", line 242, in udp
    if _addresses_equal(af, from_address, destination) or \
  File "/Users/vgutierrez/.virtualenvs/certcentral/lib/python3.7/site-packages/dns/query.py", line 169, in _addresses_equal
    n2 = dns.inet.inet_pton(af, a2[0])
  File "/Users/vgutierrez/.virtualenvs/certcentral/lib/python3.7/site-packages/dns/inet.py", line 51, in inet_pton
    return dns.ipv4.inet_aton(text)
  File "/Users/vgutierrez/.virtualenvs/certcentral/lib/python3.7/site-packages/dns/ipv4.py", line 48, in inet_aton
    raise dns.exception.SyntaxError
dns.exception.SyntaxError: Text input is malformed.
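
The traceback shows dnspython passing the configured nameserver straight to inet_pton(), so every entry has to be an IP literal by the time it reaches the resolver. One way to accept hostnames in the configuration is to resolve them first, as in this added example (not certcentral's own patch; `normalize_nameservers` and its `lookup` parameter are hypothetical names, and only the standard library is used):

```python
import ipaddress
import socket


def _system_lookup(hostname):
    """Resolve a hostname to IP strings with the system resolver."""
    infos = socket.getaddrinfo(hostname, 53, proto=socket.IPPROTO_UDP)
    return [info[4][0] for info in infos]


def normalize_nameservers(entries, lookup=_system_lookup):
    """Turn a mixed list of IPs and hostnames into a list of IP strings.

    The result is suitable for dns.resolver.Resolver().nameservers, which
    (per the traceback) must contain only values inet_pton() can parse.
    """
    addresses = []
    for entry in entries:
        entry = entry.strip()
        try:
            # IP literals (v4 or v6) pass through in canonical form.
            resolved = [str(ipaddress.ip_address(entry))]
        except ValueError:
            try:
                resolved = list(lookup(entry))
            except OSError as exc:  # socket.gaierror is an OSError
                # Fail closed: an unresolvable validation server is a
                # configuration error, not something to skip silently.
                raise ValueError(f"cannot resolve DNS server {entry!r}") from exc
            if not resolved:
                raise ValueError(f"no addresses for DNS server {entry!r}")
        for address in resolved:
            if address not in addresses:  # de-duplicate, keep order
                addresses.append(address)
    return addresses


if __name__ == "__main__":
    # Constructed sample: one IP literal and one hostname that resolves offline.
    print(normalize_nameservers(["192.0.2.53", "localhost"]))
```

Resolving at configuration-load time means the validation check trusts whatever the system resolver returns for those hostnames, so the resolved addresses are worth logging.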

Event Timeline

Restricted Application added a subscriber: Aklapper. · Oct 19 2018, 11:40 AM
Vgutierrez triaged this task as High priority. · Oct 19 2018, 11:40 AM

Change 468554 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/certcentral@master] dns_validation: Allow hostnames as DNS validation sync_dns_servers

https://gerrit.wikimedia.org/r/468554

Change 468564 had a related patch set uploaded (by Alex Monk; owner: Vgutierrez):
[operations/software/certcentral@debian] dns_validation: Allow hostnames as DNS validation servers

https://gerrit.wikimedia.org/r/468564

Change 468564 merged by Vgutierrez:
[operations/software/certcentral@debian] dns_validation: Allow hostnames as DNS validation servers

https://gerrit.wikimedia.org/r/468564

Krenair closed this task as Resolved. · Oct 19 2018, 12:45 PM

Change 468554 merged by Alex Monk:
[operations/software/certcentral@master] dns_validation: Allow hostnames as DNS validation servers

https://gerrit.wikimedia.org/r/468554

Mentioned in SAL (#wikimedia-operations) [2018-10-19T13:58:18Z] <vgutierrez> Uploaded certcentral 0.2 to apt.wikimedia.org (stretch) - T207457