This is a cleanup / followup to #7993
The max names per cert is now enforced at the per-profile level in the RA. The config change has been deployed (IN-11055) so we can remove the config item left behind:
|
// TODO(#7993): Remove this fallback and make ValidationProfile.MaxNames a |
|
// required config field. We don't do any validation on the value of this |
|
// top-level MaxNames because that happens inside the call to |
|
// NewValidationProfiles below. |
|
for _, pc := range c.RA.ValidationProfiles { |
|
if pc.MaxNames == 0 { |
|
pc.MaxNames = c.RA.MaxNames |
|
} |
|
} |
If we like, we can also remove the configurable enforcement in the CA:
|
// MaxNames is the maximum number of subjectAltNames in a single cert. |
|
// The value supplied MUST be greater than 0 and no more than 100. These |
|
// limits are per section 7.1 of our combined CP/CPS, under "DV-SSL |
|
// Subscriber Certificate". The value must match the RA and WFE |
|
// configurations. |
|
MaxNames int `validate:"required,min=1,max=100"` |
This could be replaced with a custom lint, as suggested by #5492
This is a cleanup / followup to #7993
The max names per cert is now enforced at the per-profile level in the RA. The config change has been deployed (IN-11055) so we can remove the config item left behind:
boulder/cmd/boulder-ra/main.go
Lines 243 to 251 in 3250145
If we like, we can also remove the configurable enforcement in the CA:
boulder/cmd/boulder-ca/main.go
Lines 71 to 76 in 3250145
This could be replaced with a custom lint, as suggested by #5492