From 104c39335bc04f2fa991dc4ff6c5ceea42bae8c8 Mon Sep 17 00:00:00 2001
From: Phil Porada <pgporada@users.noreply.github.com>
Date: Wed, 15 Nov 2023 11:03:20 -0500
Subject: [PATCH] VA: Check that maxRemoteValidationFailures is non-negative
 (#7150)

Prevents a panic when the VA config field `maxRemoteValidationFailures`
is set to a negative number by adding validation tags

Fixes https://github.com/letsencrypt/boulder/issues/7149
---
 cmd/boulder-va/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go
index 1c998bc9787..4fd45ea2c8e 100644
--- a/cmd/boulder-va/main.go
+++ b/cmd/boulder-va/main.go
@@ -32,7 +32,7 @@ type Config struct {
 		DNSAllowLoopbackAddresses bool
 
 		RemoteVAs                   []cmd.GRPCClientConfig `validate:"omitempty,dive"`
-		MaxRemoteValidationFailures int
+		MaxRemoteValidationFailures int                    `validate:"omitempty,min=0,required_with=RemoteVAs"`
 
 		Features map[string]bool