Richard Barnes
5ea17d980a
Merge master
2015-07-29 16:37:39 -04:00
Roland Shoemaker
6777b276a7
Merge branch 'master' into store-ips
2015-07-29 12:24:20 -07:00
Richard Barnes
08c86e560e
Fix test failures in core
2015-07-29 14:40:41 -04:00
Richard Barnes
f506da377a
Clean up Challenge.MergeResponse
2015-07-29 12:59:52 -04:00
Richard Barnes
4f95f66f98
Remove AcmeJWS and move everything over to LE fork of go-jose
2015-07-29 12:44:39 -04:00
Richard Barnes
9e87cef807
Further test fixes
2015-07-29 12:20:00 -04:00
Richard Barnes
de5c50739a
Mostly fixed tests
2015-07-29 12:19:12 -04:00
Richard Barnes
e60df240d8
Update DVSNI and DNS challenges
2015-07-29 12:19:12 -04:00
Richard Barnes
4cac9da9fd
Refactor simpleHttp challenge
2015-07-29 12:18:09 -04:00
Richard Barnes
26b140b0cc
Removing unused literals and exposing more error info
2015-07-29 11:17:26 -04:00
Richard Barnes
965be920a6
Enforce 'resource' field
2015-07-29 10:19:14 -04:00
Jeremy Gillula
289dfeabe6
Fixing go formatting issues (ran go fmt on the files below)
2015-07-28 17:07:36 -07:00
Jeremy Gillula
65c923d547
we now ignore duplicate additions and require three different command line args
2015-07-28 14:03:56 -07:00
Roland Shoemaker
abd06564ec
Merge branch 'master' into mailer
2015-07-27 12:46:19 -07:00
Roland Shoemaker
145790d9c3
Review fixes
2015-07-27 12:46:09 -07:00
Romain Fliedel
2b275405c1
remove authorizations member for certificate request.
2015-07-27 20:26:56 +02:00
Jacob Hoffman-Andrews
aef83a3d02
Change core.Certificate.DER to []byte.
Fixes https://github.com/letsencrypt/boulder/issues/519.
The previous type, JSONBuffer, was triggering a subtle bug when scanning
multiple rows from MySQL. Since this struct is not serialized as JOSE it
doesn't need to have the JSONBuffer type.
The test for this fix is blocked on
https://github.com/letsencrypt/boulder/issues/132, so I filed a separate issue
to follow up with a test:
https://github.com/letsencrypt/boulder/issues/536
2015-07-26 01:34:02 -07:00
Roland Shoemaker
8a577df190
Merge master
2015-07-24 17:41:14 -07:00
Roland Shoemaker
bd9286dd5b
Merge branch 'master' into mailer
2015-07-24 16:36:50 -07:00
Jacob Hoffman-Andrews
9423467142
Switch to our own fork of go-jose.
This is the result of `godep save -r ./...` and
`git rm -r -f Godeps/_workspace/src/github.com/square`
Our fork is currently at the head of go-jose when Richard made the local nonce
changes, with the nonce changes added on top. In other words, the newly created
files are exactly equal to the deleted files.
In a separate commit I will bring our own go-jose fork up to the remote head,
then update our deps.
Also note: Square's go-jose repo contains a `cipher` package. Since we don't
make any changes to that package, we leave it imported as-is.
2015-07-24 14:39:00 -07:00
Jacob Hoffman-Andrews
620a012c62
Rewrite go-jose dependencies to our fork.
2015-07-24 14:16:01 -07:00
Roland Shoemaker
7f5da3b8bc
Merge pull request #521 from letsencrypt/remove_v
remove incorrect uses of %v, use specific verbs
2015-07-24 13:00:29 -07:00
Roland Shoemaker
a960fa0393
Store redirects, reconstruct transport on redirect, add redirect + lookup tests
2015-07-24 12:05:27 -07:00
Jeff Hodges
8975601d5e
correct bodyStr->body
2015-07-23 17:41:15 -07:00
Roland Shoemaker
6c2f3ea8cc
Merge branch 'master' into mailer
2015-07-23 15:33:43 -07:00
Roland Shoemaker
b5f519d22d
Rework how the expiration mailer looks for certificates
2015-07-23 15:33:28 -07:00
Jacob Hoffman-Andrews
941df62ad4
Switch to AuditObject for CSR logging.
This allows us to log the remote address and registration object along with the
CSR.
Also, restore part of a comment on CertificateRequest that was deleted.
2015-07-22 16:32:11 -07:00
Jacob Hoffman-Andrews
6952aebeb3
Record initial application CSR.
Fixes https://github.com/letsencrypt/boulder/issues/493.
Also, modify MockSyslogWriter so that it implements the SyslogWriter interface
(no pointer receivers).
2015-07-22 15:34:59 -07:00
Roland Shoemaker
d0049adb4c
Log IPs in a better place, by storing them in the challenge objects!
2015-07-21 19:45:40 -07:00
Jeremy Gillula
867ce685f8
First cut of command-line tool for importing certs from other external sources like the SSL Observatory, Certificate Transparency, and scans.io
2015-07-15 18:38:35 -07:00
Roland Shoemaker
b8bc60ddfb
Remove core.DNSSECProblem definition
2015-07-08 20:52:40 +01:00
Jacob Hoffman-Andrews
5e11d333d4
Add implementation of ChallengesFor ProofOfPosession.f
2015-06-22 18:01:18 -07:00
Jacob Hoffman-Andrews
70bb5e8364
Add a PA test.
2015-06-22 16:33:09 -07:00
Jacob Hoffman-Andrews
c301b87e3d
Merge branch 'master' into existing-cert
2015-06-22 14:54:28 -07:00
Jacob Hoffman-Andrews
d6e64835cc
Store data on existing certs.
2015-06-18 15:35:23 -07:00
Brad Warren
d7968f2163
Merge remote-tracking branch 'upstream/master' into errors
2015-06-18 14:49:33 -07:00
James 'J.C.' Jones
609b534e98
Merge pull request #366 from letsencrypt/match-ip-email
Check IPAddresses and EmailAddresses in Certificate.MatchesCSR
2015-06-18 14:36:16 -07:00
Brad Warren
38b8701ae9
Merge remote-tracking branch 'upstream/master' into errors
2015-06-18 14:10:43 -07:00
Brad Warren
93ff18b365
Finished adding validation errors
2015-06-18 14:10:24 -07:00
Brad Warren
f19cad3a04
Additional cleanup of error handling
2015-06-18 10:08:59 -07:00
Roland Shoemaker
f89b32b420
Check IPAddresses and EmailAddresses in Certificate.MatchesCSR
2015-06-17 18:53:02 -07:00
Roland Shoemaker
403af37a39
Hide Authorization.Expires field when uninitialized
2015-06-17 18:34:30 -07:00
Brad Warren
6fac234036
Updated error messages and internal error handling
2015-06-17 10:56:46 -07:00
J.C. Jones
41f5788c77
Correct most `go lint` warnings. (274 -> 5)
2015-06-16 22:18:28 -05:00
Brad Warren
b094c81371
Merge remote-tracking branch 'upstream/master' into errors
2015-06-16 10:59:16 -07:00
J.C. Jones
cc97492a54
Issue #11: Basic DNS Challenge support
2015-06-16 09:03:03 -05:00
Brad Warren
3ca3d9b283
Finished adding basic errors
2015-06-15 19:30:11 -07:00
Jacob Hoffman-Andrews
80d5e50e42
Enable revocation by account key.
In addition to cert private key. This required modifying the GetCertificate*
functions to return core.Certificate instead of certificate bytes.
2015-06-15 12:33:50 -07:00
Roland Shoemaker
f4ee29d1d3
Change all references from SimpleHTTPS -> SimpleHTTP
2015-06-12 11:22:04 -07:00
Roland Shoemaker
ef3adda09b
Switch TLS to pointer
2015-06-11 22:08:38 -07:00
Roland Shoemaker
c301125e93
Add TLS field to core.Challenge per spec
2015-06-11 17:12:50 -07:00
Roland Shoemaker
603e625758
Remove debug statement
2015-06-08 18:09:02 -07:00
Roland Shoemaker
bc2c28a5ce
Check Challenge.Path isn't malformed in Challenge.IsSane
2015-06-08 18:02:01 -07:00
James 'J.C.' Jones
a3521bcb61
Merge pull request #277 from rolandshoemaker/check-cert
Check generated certificate matches CSR
2015-06-03 22:10:35 -07:00
Roland Shoemaker
78e621c95f
further review fixes
2015-06-03 00:27:08 +01:00
bifurcation
04479eca5c
Merge pull request #291 from letsencrypt/fix-revocation
Revert change to revocation from #275
2015-06-02 17:52:35 -04:00
Jacob Hoffman-Andrews
7a60d431d6
Revert "Suppress the 'expires' field in public Authorizations"
This reverts commit d47b7c12ac.
Conflicts:
core/objects.go
wfe/web-front-end.go
2015-06-02 12:02:05 -07:00
Jacob Hoffman-Andrews
026cb424fc
Revert "Replace RevokeCertficate with something more in line with the spec"
This reverts commit b1bad40fe6.
Conflicts:
wfe/web-front-end.go
2015-06-02 10:45:54 -07:00
Roland Shoemaker
51890a9626
Move cert-csr check to boulder/core and review fixes
2015-06-02 17:56:28 +01:00
Richard Barnes
bfd9e4ac20
Fixing JCJ nits
2015-06-01 02:11:10 -04:00
Richard Barnes
b1bad40fe6
Replace RevokeCertficate with something more in line with the spec
2015-06-01 02:11:10 -04:00
Richard Barnes
d47b7c12ac
Suppress the 'expires' field in public Authorizations
2015-06-01 02:08:47 -04:00
Richard Barnes
e8edbf5f21
Making capitalization consistent with Go standards
2015-06-01 02:08:47 -04:00
Richard Barnes
9917ca17f6
Clean up TODOs
2015-06-01 02:05:17 -04:00
Richard Barnes
7a09c78788
Issue #254
2015-05-30 13:21:36 -04:00
Richard Barnes
a684177a09
Issue #236
2015-05-30 11:08:18 -04:00
J.C. Jones
d1321f2d78
More RPC fixes for Issue #202
- NewPendingAuthorization now uses a core.Authorization object, so
that foreign key constraints are followed
- core.Authorization now serializes RegistrationID to JSON, so it has to get
blanked out in WFE before transmission to client.
- Remove ParsedCertificate from core.Certificate, as type x509.Certificate cannot
be marshaled.
- Added AssertDeepEquals and AssertMarhsaledEquals to test-tools.go
- Caught several overloaded and misleadingly named errors in WFE
2015-05-28 11:05:55 -07:00
J.C. Jones
e4e52e7315
More work on Issue #202 for RPC functions
- Fix a bunch of typos in rpc-wrappers.go
- Unblank `id` in core.Registration JSON:
- It's not spec, but it's not hurting anything, and we reveal it to clients anyway.
- We need knowledge of the ID in RPC, so if we don't want to include this in the object, we need to make a transfer object to wrap it.
- Make the RPC logs much clearer as to who's talking to who
- Typo in WFE where we called a registration an authz
2015-05-27 23:37:12 -07:00
J.C. Jones
af0f8446eb
Issue #202, Periodic OCSP Signer Tool
- Move dbMap construction and type converter into individual files in the sa package.
- Add DB configuration for the OCSP tool to the boulder config:
- left to the user if they want to use different boulder-config.json files
for different purposes.
- Added updater to Makefile
- Fix trailing ',' in the Boulder config, add more panic logging
- Ignore .pem files produced by the integration test
- Change RPC to use per-instance named reply-to queues.
- Finish OCSP Updater logic
- Rework RPC for OCSP to use a transfer object (due to serialization problems of x509.Certificate)
2015-05-27 22:01:29 -07:00
J.C. Jones
f15da06af7
Issue #238 - MySql column width too narrow
- Added SQL debug logging (SA option: "SQLDebug")
- Added timestamps to the log prints to stdout
- Ignore *.pem in test/js
- Modified start.sh to support environment overrides for BOULDER_CONFIG, like the AMQP mode
- Changed boulder-test-config to open the server on the loopback device, so as to not cause firewall prompts on each integration test run for those of us being restrictive
- Renamed "key" column to "jwk" in DB, to avoid keyword conflict
- Set MaxLength on "jwk" column to 512
2015-05-27 12:12:41 -07:00
Roland Shoemaker
870f02917c
check subscriber agreement in new/updated registrations
2015-05-18 20:56:51 -07:00
J.C. Jones
42302541bd
Run `go fmt` for PR #186
2015-05-18 18:44:38 -07:00
Richard Barnes
c3b312118e
Add audit logging
- Auditing for general errors in executables
- Auditing for improper messages received by WFE
- Automatic audit logging of software errors
- Audit logging for mis-routed messages
- Audit logging for certificate requests
- Auditing for improper messages received by WFE
- Add audit events table
- Expect more details in TestRegistration in web-front-end_test.go
- Remove "extra" debug details from web-front-end.go per Issue #174
- Improve test coverage of web-front-end.go
- WFE audit updates for revocation support rebase
- Add audit messages to RPC for Improper Messages and Error Conditions
- Also note misrouted messages
2015-05-18 18:23:08 -07:00
Roland Shoemaker
e1ba291019
Store registration ID with certificate
2015-05-16 13:47:51 -07:00
Roland Shoemaker
faa1d5ac45
review cleanups
2015-05-16 13:25:36 -07:00
Roland Shoemaker
e233fdaa61
switch authz and pending_authz to store registration ID instead of key (and update all the random stuff they touched)
2015-05-14 14:14:36 -07:00
James 'J.C.' Jones
6be5c4910e
Merge pull request #185 from rolandshoemaker/deny-store
Store and check previously denied CSRs
2015-05-14 09:03:06 -07:00
Jacob Hoffman-Andrews
3eed9e3f7c
Move to Square's go-jose library.
2015-05-13 17:36:38 -07:00
Roland Shoemaker
5d5eea7071
switch to only store dns names
2015-05-13 12:08:50 -07:00
Roland Shoemaker
314fb5e9f6
add WFE marshaling test
2015-05-12 21:04:48 -07:00
Roland Shoemaker
d95c552ab4
add denied csr table and AddDeniedCSR + AlreadyDeniedCSR methods for checking, added AddDeniedCSR to ra.NewCertificate
2015-05-11 23:02:39 -07:00
Roland Shoemaker
1bf93f42ec
add anonymous tags to LockCol fields on core objects
2015-05-11 21:57:45 -07:00
Jacob Hoffman-Andrews
8acae627eb
Fix sanity checking for challenges.
Also add more debug logging.
2015-05-08 15:32:11 -07:00
jsha
8b1139be70
Merge pull request #149 from rolandshoemaker/gorp
Switch SQL backend to gorp
2015-05-08 09:47:46 -07:00
Roland Shoemaker
651689711f
move table comments from SA to relevant core object fields
2015-05-06 21:56:05 -07:00
Roland Shoemaker
1cc1df2726
use core objects as models (except for pending/final authz)
2015-05-06 21:45:37 -07:00
Roland Shoemaker
3f6bf6d35d
add status check
2015-05-06 17:24:26 -07:00
Roland Shoemaker
d555e0d0c5
proper nonce test
2015-05-06 01:08:49 -07:00
Roland Shoemaker
aea9fbf0f7
challenge sanity check
2015-05-06 00:16:53 -07:00
Roland Shoemaker
1cee83c262
add db tags to structs we are embedding, update models, add custom type converter, simplify DumpTables (+ fix it), move GetCert... methods to gorp
2015-05-02 21:28:39 -07:00
Jacob Hoffman-Andrews
7145207104
Add initial certificate status in SA.
Also improve test tools.
2015-04-23 19:52:34 -07:00
Jacob Hoffman-Andrews
7d8ef9a019
Fix tests and tidy up for review.
2015-04-18 23:44:42 -04:00
Jacob Hoffman-Andrews
431ad092eb
Query certs by sequential part of serial number.
Also refactor WFE for better initialization and change StorageAuthority to
support this type of query.
2015-04-18 00:48:19 -04:00
J.C. Jones
33db859a5d
Fix non-compliance issue stemming from PR #31.
Caught by @kuba, thanks!
2015-03-24 09:18:03 -07:00
J.C. Jones
4e0aa900c9
Rebase 'lint-errcheck-fixes' of git://github.com/mvdan/boulder to letsencrypt/master
Conflicts:
cmd/boulder-start/main.go
core/interfaces.go
core/objects.go
core/util.go
ra/registration-authority.go
ra/registration-authority_test.go
rpc/rpc-wrappers.go
va/validation-authority.go
wfe/web-front-end.go
2015-03-20 18:01:03 -07:00
J.C. Jones
e604b8edb9
Update per spec
- Spec says the Challenge objects contain a field "Validated" not "Completed."
- The Challenge object says "Validated" should be omitempty, but wasn't a pointer.
- Swapped to using pointers so it will not be "completed":"0001-01-01T00:00:00Z"
- Sort of related to [Issue #71 in Acme-Spec](https://github.com/letsencrypt/acme-spec/issues/71)
- Remove commented-out line from Dockerfile (whoops)
2015-03-20 15:37:53 -07:00
Richard Barnes
96bd7e215a
Further plumbing of registrations
2015-03-15 15:33:05 -04:00
Richard Barnes
d938deb3fd
Separate resources for challenges [initial]
2015-03-14 19:07:16 -04:00
Richard Barnes
8f4ea0efd8
Adapting to point to mainlined JOSE
2015-03-13 13:11:04 -07:00
Daniel Martí
91b12a2e1a
Simplify if err != nil structure when applicable
2015-03-12 12:46:18 +01:00
Daniel Martí
6c0c22b8f9
Separate imports from the standard library
2015-03-12 12:29:21 +01:00
Daniel Martí
d66e581736
Replace Https by HTTPS as per golint
2015-03-12 12:21:40 +01:00
Richard Barnes
c6673ade2e
Pulling out core module
2015-03-10 13:54:13 -07:00