Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI tests are susceptible to bad nonces #351

Closed
squizzling opened this issue Jun 22, 2021 · 0 comments · Fixed by #352
Closed

CI tests are susceptible to bad nonces #351

squizzling opened this issue Jun 22, 2021 · 0 comments · Fixed by #352

Comments

@squizzling
Copy link
Contributor

The acme library will do a single retry on a bad nonce, if the retry fails, everything falls down. By default, we trigger 1/20, which means 1/400 requests will hard fail.

CI tries to issue certs for two hosts, each cert is 5 requests + 2 polling loops, at least 7 requests, or minimum 14 requests per run. There's also tests for both Travis and Appveyor, which is 28 requests.

If my math is right (lol), that gives us a ~6-7% chance of at least one of the requests failing.

Since the bad nonce path isn't explicitly being checked for, it should be disabled when running CI tests.
This was referenced Jun 22, 2021
Merged
Open
Merged
aarongable pushed a commit that referenced this issue Jun 22, 2021
@squizzling
Disables random nonce rejection in CI (#352)
c49ff83 
Set the nonce rejection rate to 0% in the CI environments.
This prevents the integration tests from failing due to
random bad nonces, which is not the behavior they're
testing for.

Fixes #351
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Disables random nonce rejection in CI squizzling/pebble
1 participant
@squizzling