va: Put most recent, not original, IP in error messages (add'l case) (#8028)

jprenken · web-flow · commit 49ebc99e8efa · 2025-03-04T11:35:16.000-08:00
Fix a remaining edge case after #7468: one call to `newIPError` did not account for when we retry *successfully,* but then are served a redirect which errors. In those cases, our `client.Do` call results in our redirect handler `processRedirect` appending yet another validation record to `records`, which was missed. Fixes #7347
diff --git a/va/http.go b/va/http.go
@@ -592,7 +592,7 @@ func (va *ValidationAuthorityImpl) processHTTPValidation(
 		// If the retry still failed there isn't anything more to do, return the
 		// error immediately.
 		if err != nil {
-			return nil, records, newIPError(retryRecord.AddressUsed, err)
+			return nil, records, newIPError(records[len(records)-1].AddressUsed, err)
 		}
 	} else if err != nil {
 		// if the error was not a fallbackErr then return immediately.

Original file line number	Diff line number	Diff line change
`@@ -592,7 +592,7 @@ func (va *ValidationAuthorityImpl) processHTTPValidation(`
`592`	`592`	`// If the retry still failed there isn't anything more to do, return the`
`593`	`593`	`// error immediately.`
`594`	`594`	`if err != nil {`
`595`		`- return nil, records, newIPError(retryRecord.AddressUsed, err)`
	`595`	`+ return nil, records, newIPError(records[len(records)-1].AddressUsed, err)`
`596`	`596`	`}`
`597`	`597`	`} else if err != nil {`
`598`	`598`	`// if the error was not a fallbackErr then return immediately.`