https-github-com-bit
diff --git a/‎bdns/mocks.go‎
Lines changed: 7 additions & 0 deletions b/‎bdns/mocks.go‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎core/objects.go‎
Lines changed: 15 additions & 0 deletions b/‎core/objects.go‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎core/proto/core.pb.go‎
Lines changed: 47 additions & 35 deletions b/‎core/proto/core.pb.go‎
Lines changed: 47 additions & 35 deletions
diff --git a/‎core/proto/core.proto‎
Lines changed: 4 additions & 0 deletions b/‎core/proto/core.proto‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎features/featureflag_string.go‎
Lines changed: 2 additions & 2 deletions b/‎features/featureflag_string.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎features/features.go‎
Lines changed: 2 additions & 0 deletions b/‎features/features.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎grpc/pb-marshalling.go‎
Lines changed: 10 additions & 0 deletions b/‎grpc/pb-marshalling.go‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎grpc/pb-marshalling_test.go‎
Lines changed: 4 additions & 0 deletions b/‎grpc/pb-marshalling_test.go‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎test/config-next/va.json‎
Lines changed: 2 additions & 1 deletion b/‎test/config-next/va.json‎
Lines changed: 2 additions & 1 deletion
@@ -73,6 +73,13 @@ func (mock *MockDNSResolver) LookupHost(_ context.Context, hostname string) ([]n
 			Err: errors.New("some net error"),
 		}, -1}
 	}
+	// dual-homed host with an IPv6 and an IPv4 address
+	if hostname == "ipv4.and.ipv6.localhost" {
+		return []net.IP{
+			net.ParseIP("::1"),
+			net.ParseIP("127.0.0.1"),
+		}, nil
+	}
 	ip := net.ParseIP("127.0.0.1")
 	return []net.IP{ip}, nil
 }
 
@@ -182,6 +182,21 @@ type ValidationRecord struct {
 	Port              string   `json:"port"`
 	AddressesResolved []net.IP `json:"addressesResolved"`
 	AddressUsed       net.IP   `json:"addressUsed"`
+	// AddressesTried contains a list of addresses tried before the `AddressUsed`.
+	// Presently this will only ever be one IP from `AddressesResolved` since the
+	// only retry is in the case of a v6 failure with one v4 fallback. E.g. if
+	// a record with `AddressesResolved: { 127.0.0.1, ::1 }` were processed for
+	// a challenge validation with the IPv6 first flag on and the ::1 address
+	// failed but the 127.0.0.1 retry succeeded then the record would end up
+	// being:
+	// {
+	//   ...
+	//   AddressesResolved: [ 127.0.0.1, ::1 ],
+	//   AddressUsed: 127.0.0.1
+	//   AddressesTried: [ ::1 ],
+	//   ...
+	// }
+	AddressesTried []net.IP `json:"addressesTried"`
 }
 
 func looksLikeKeyAuthorization(str string) error {
 
@@ -22,6 +22,10 @@ message ValidationRecord {
 
         repeated string authorities = 5;
         optional string url = 6;
+        // A list of addresses tried before the address used (see
+        // core/objects.go and the comment on the ValidationRecord structure
+        // definition for more information.
+        repeated bytes addressesTried = 7; // net.IP.MarshalText()
 }
 
 message ProblemDetails {
 
@@ -21,6 +21,7 @@ const (
 	AllowTLS02Challenges
 	GenerateOCSPEarly
 	CountCertificatesExact
+	IPv6First
 )
 
 // List of features and their default value, protected by fMu
@@ -35,6 +36,7 @@ var features = map[FeatureFlag]bool{
 	AllowTLS02Challenges:     false,
 	GenerateOCSPEarly:        false,
 	CountCertificatesExact:   false,
+	IPv6First:                false,
 }
 
 var fMu = new(sync.RWMutex)
 
@@ -146,10 +146,14 @@ func pbToChallenge(in *corepb.Challenge) (challenge core.Challenge, err error) {
 
 func validationRecordToPB(record core.ValidationRecord) (*corepb.ValidationRecord, error) {
 	addrs := make([][]byte, len(record.AddressesResolved))
+	addrsTried := make([][]byte, len(record.AddressesTried))
 	var err error
 	for i, v := range record.AddressesResolved {
 		addrs[i] = []byte(v)
 	}
+	for i, v := range record.AddressesTried {
+		addrsTried[i] = []byte(v)
+	}
 	addrUsed, err := record.AddressUsed.MarshalText()
 	if err != nil {
 		return nil, err
@@ -161,6 +165,7 @@ func validationRecordToPB(record core.ValidationRecord) (*corepb.ValidationRecor
 		AddressUsed:       addrUsed,
 		Authorities:       record.Authorities,
 		Url:               &record.URL,
+		AddressesTried:    addrsTried,
 	}, nil
 }
 
@@ -175,6 +180,10 @@ func pbToValidationRecord(in *corepb.ValidationRecord) (record core.ValidationRe
 	for i, v := range in.AddressesResolved {
 		addrs[i] = net.IP(v)
 	}
+	addrsTried := make([]net.IP, len(in.AddressesTried))
+	for i, v := range in.AddressesTried {
+		addrsTried[i] = net.IP(v)
+	}
 	var addrUsed net.IP
 	err = addrUsed.UnmarshalText(in.AddressUsed)
 	if err != nil {
@@ -187,6 +196,7 @@ func pbToValidationRecord(in *corepb.ValidationRecord) (record core.ValidationRe
 		AddressUsed:       addrUsed,
 		Authorities:       in.Authorities,
 		URL:               *in.Url,
+		AddressesTried:    addrsTried,
 	}, nil
 }
 
 
@@ -123,6 +123,7 @@ func TestChallenge(t *testing.T) {
 			AddressUsed:       ip,
 			URL:               "url",
 			Authorities:       []string{"auth"},
+			AddressesTried:    []net.IP{ip},
 		},
 	}
 	chall.Error = &probs.ProblemDetails{Type: probs.TLSProblem, Detail: "asd", HTTPStatus: 200}
@@ -151,6 +152,7 @@ func TestValidationRecord(t *testing.T) {
 		AddressUsed:       ip,
 		URL:               "url",
 		Authorities:       []string{"auth"},
+		AddressesTried:    []net.IP{ip},
 	}
 
 	pb, err := validationRecordToPB(vr)
@@ -171,6 +173,7 @@ func TestValidationResult(t *testing.T) {
 		AddressUsed:       ip,
 		URL:               "urlA",
 		Authorities:       []string{"authA"},
+		AddressesTried:    []net.IP{ip},
 	}
 	vrB := core.ValidationRecord{
 		Hostname:          "hostB",
@@ -179,6 +182,7 @@ func TestValidationResult(t *testing.T) {
 		AddressUsed:       ip,
 		URL:               "urlB",
 		Authorities:       []string{"authB"},
+		AddressesTried:    []net.IP{ip},
 	}
 	result := []core.ValidationRecord{vrA, vrB}
 	prob := &probs.ProblemDetails{Type: probs.TLSProblem, Detail: "asd", HTTPStatus: 200}
 
@@ -28,7 +28,8 @@
       "ServerURL": "http://boulder:6000"
     },
     "features": {
-      "GoogleSafeBrowsingV4": true
+      "GoogleSafeBrowsingV4": true,
+      "IPv6First": true
     }
   },
Original file line number	Diff line number	Diff line change
`@@ -73,6 +73,13 @@ func (mock *MockDNSResolver) LookupHost(_ context.Context, hostname string) ([]n`
`73`	`73`	`Err: errors.New("some net error"),`
`74`	`74`	`}, -1}`
`75`	`75`	`}`
	`76`	`+ // dual-homed host with an IPv6 and an IPv4 address`
	`77`	`+ if hostname == "ipv4.and.ipv6.localhost" {`
	`78`	`+ return []net.IP{`
	`79`	`+ net.ParseIP("::1"),`
	`80`	`+ net.ParseIP("127.0.0.1"),`
	`81`	`+ }, nil`
	`82`	`+ }`
`76`	`83`	`ip := net.ParseIP("127.0.0.1")`
`77`	`84`	`return []net.IP{ip}, nil`
`78`	`85`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,10 @@ message ValidationRecord {`
`22`	`22`
`23`	`23`	`repeated string authorities = 5;`
`24`	`24`	`optional string url = 6;`
	`25`	`+ // A list of addresses tried before the address used (see`
	`26`	`+ // core/objects.go and the comment on the ValidationRecord structure`
	`27`	`+ // definition for more information.`
	`28`	`+ repeated bytes addressesTried = 7; // net.IP.MarshalText()`
`25`	`29`	`}`
`26`	`30`
`27`	`31`	`message ProblemDetails {`
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@ const (`
`21`	`21`	`AllowTLS02Challenges`
`22`	`22`	`GenerateOCSPEarly`
`23`	`23`	`CountCertificatesExact`
	`24`	`+ IPv6First`
`24`	`25`	`)`
`25`	`26`
`26`	`27`	`// List of features and their default value, protected by fMu`
`@@ -35,6 +36,7 @@ var features = map[FeatureFlag]bool{`
`35`	`36`	`AllowTLS02Challenges: false,`
`36`	`37`	`GenerateOCSPEarly: false,`
`37`	`38`	`CountCertificatesExact: false,`
	`39`	`+ IPv6First: false,`
`38`	`40`	`}`
`39`	`41`
`40`	`42`	`var fMu = new(sync.RWMutex)`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,8 @@`
`28`	`28`	`"ServerURL": "http://boulder:6000"`
`29`	`29`	`},`
`30`	`30`	`"features": {`
`31`		`- "GoogleSafeBrowsingV4": true`
	`31`	`+ "GoogleSafeBrowsingV4": true,`
	`32`	`+ "IPv6First": true`
`32`	`33`	`}`
`33`	`34`	`},`
`34`	`35`