Commit Graph

283 Commits

Author SHA1 Message Date
Roland Shoemaker 19c76ac94f Stick with previous method name, add uncommitted comment 2015-08-04 11:27:12 -07:00
Roland Shoemaker c9c05cfb46 Add comments, move reconnection logic out of binaries (except for the WFE which is a weird case) 2015-08-03 23:02:52 -07:00
Roland Shoemaker 85d037f7a7 Gracefully shutdown RPC servers 2015-08-03 16:47:47 -07:00
Jeremy Gillula 289dfeabe6 Fixing go formatting issues (ran go fmt on the files below) 2015-07-28 17:07:36 -07:00
Jeremy Gillula 321d611d20 Forgot to stage some files in last commit 2015-07-28 16:03:40 -07:00
Jeremy Gillula 65c923d547 we now ignore duplicate additions and require three different command line args 2015-07-28 14:03:56 -07:00
Roland Shoemaker 145790d9c3 Review fixes 2015-07-27 12:46:09 -07:00
Roland Shoemaker bd9286dd5b Merge branch 'master' into mailer 2015-07-24 16:36:50 -07:00
Roland Shoemaker 6c2f3ea8cc Merge branch 'master' into mailer 2015-07-23 15:33:43 -07:00
Roland Shoemaker b5f519d22d Rework how the expiration mailer looks for certificates 2015-07-23 15:33:28 -07:00
Roland Shoemaker bf0673c35f DNS config refactoring 2015-07-22 15:54:40 -07:00
Jacob Hoffman-Andrews 61394e4f2d Merge pull request #506 from letsencrypt/native-mx-lookup
Replace net.LookupMX use with core.LookupMX
2015-07-22 15:17:38 -07:00
Roland Shoemaker 31f0674f03 Replace net.LookupMX with core.LookupMX using defined resolver 2015-07-21 22:36:29 -07:00
Roland Shoemaker 9aa4357fdf Initial bulk mailer work 2015-07-20 15:34:42 -07:00
Roland Shoemaker 87827be6f1 Merge branch 'master' into cache-headers 2015-07-17 17:44:55 -07:00
Roland Shoemaker 6a2344e1bf Add config vars and wire them into cmd/boulder and cmd/boulder-wfe 2015-07-17 17:44:03 -07:00
Jacob Hoffman-Andrews 8549ecae81 Merge pull request #439 from letsencrypt/426-amqp_acl_restrictive
426 - Support minimum permissions in AMQP
2015-07-17 15:59:25 -07:00
Jeff Hodges 47d9d7376d add debug server config for the monolithic boulder
Fixes #482
2015-07-17 12:33:50 -07:00
J.C. Jones f71e36e114 Move DeclareExchange into its own method. 2015-07-16 13:30:52 -07:00
Jeremy Gillula 867ce685f8 First cut of command-line tool for importing certs from other external sources like the SSL Observatory, Certificate Transparency, and scans.io 2015-07-15 18:38:35 -07:00
Jeff Hodges ef54dda46a add debug http server to services
Currently, the debug http server in every service contains just the
net/http/pprof handlers. This allows us to get CPU, blocking, and memory
profiling remotely.

Along the way, remove all the places we use http.DefaultServeMux (which
includes use of http.Handle and http.HandlerFunc) and use a NewServeMux
for each place.

Fixes #457
2015-07-14 01:28:18 -07:00
Jeff Hodges 79d9b52ad0 rename dbName to dbConnect
The configuration is actually a connection string, not a database name,
and it was a bit confusing.
2015-07-10 16:17:27 -07:00
Roland Shoemaker 4346e55d8c Review fixes and rtt cleanups, further cleanup is blocked by #413 2015-06-25 17:55:59 -07:00
Roland Shoemaker 12589834a3 Merge master 2015-06-25 15:59:59 -07:00
Roland Shoemaker 78f52dd418 Simplify header check 2015-06-23 19:54:54 +01:00
Richard Barnes 718920afa3 Enable the VA to send a user-agent header field. 2015-06-23 11:15:51 -07:00
Jacob Hoffman-Andrews 7d94800dea Add DB to Policy Authority. 2015-06-22 15:31:06 -07:00
J.C. Jones a54f18f3d0 Refactor AMQPS config to be all-optional, and style updates. 2015-06-22 08:15:10 -07:00
J.C. Jones 503bbe4254 Rename the TLS configuration to "TLS" (from SSL... what was I thinking?) 2015-06-22 06:25:57 -07:00
J.C. Jones adfd9ed1c6 Also correct method execution order (style). 2015-06-22 06:23:04 -07:00
J.C. Jones 4a495d0874 Fixes #387 - Check whether the certificate / privkey is set before trying to load it. 2015-06-22 06:09:11 -07:00
Roland Shoemaker 9edd2b8e07 Refactor StatsD metrics collection
- Moved HandlerTimer definition from various cmd/ binaries to cmd/shell.go
- Cleaned up HandlerTimer endpoint metrics
- Moved New... counter metrics from WFE to RA and add Updated... and Finalized... ones
- Added error code and problem type counter metrics to WFE
- Added validation type / status counter metrics to VA
- Consistently return the total RTT from LookupCAA, LookupCNAME, and LookupDNSSEC method
- Added DNS RTT timing metrics to VA for the various Lookup... methods
2015-06-21 23:28:10 -07:00
J.C. Jones f95e9eaa83 Support TLS mutual authentication for AMQPS 2015-06-18 16:23:48 -07:00
Jacob Hoffman-Andrews 117d8d5878 Merge pull request #362 from letsencrypt/lint
Correct most `go lint` warnings. (274 -> 5)
2015-06-17 10:43:42 -07:00
Jacob Hoffman-Andrews 05f04709e9 Update cfssl dependency to latest master
Also, remove dependency on cfssl CLI binary, and transitive dependency cf-tls.
These are no longer necessary now that we use the local signer. And the cf-tls
dependency had drifted out of date, causing build issues when I updated cfssl to
master.
2015-06-17 09:26:52 -07:00
J.C. Jones 41f5788c77 Correct most `go lint` warnings. (274 -> 5) 2015-06-16 22:18:28 -05:00
Roland Shoemaker 0265b6f5d0 Merge upstream/master and fix conflicts 2015-06-10 12:43:11 -07:00
J.C. Jones 76f7b1c1e4 Improve build identification
New example:

2015/06/09 09:20:13 Versions: boulder=(generate_ocsp +0c101f2 Tue Jun  9 16:20:06 UTC 2015) Golang=(devel +46b4f67 Thu Apr 16 20:01:13 2015 +0000) BuildHost=(user@vm.local)
2015-06-09 09:22:29 -07:00
Roland Shoemaker 4ecd6d58b6 Merge master 2015-06-06 02:11:46 +01:00
Roland Shoemaker 0bfc50b7e5 Add check for max key size 2015-06-05 19:02:10 +01:00
J.C. Jones d4eadd9aa3 Fix output of `cmd` --version to show version and build 2015-06-04 13:44:46 -07:00
Roland Shoemaker 8ad4358d30 Collect common values in config file 2015-06-03 17:41:27 +01:00
Roland Shoemaker 8846fd2c90 Merge upstream/master 2015-05-29 09:36:46 +01:00
J.C. Jones 1008bd824d WIP on issue #202: OCSP Responder work 2015-05-28 23:11:03 -07:00
J.C. Jones 8766edaa93 Issue #239 - Add a build ID method to WFE, and print Info on startup for all 2015-05-28 11:13:09 -07:00
Roland Shoemaker ae1cf13be7 add config options for timeout + resolver address 2015-05-28 11:39:32 +01:00
J.C. Jones af0f8446eb Issue #202, Periodic OCSP Signer Tool
- Move dbMap construction and type converter into individual files in the sa package.
- Add DB configuration for the OCSP tool to the boulder config:
  - left to the user if they want to use different boulder-config.json files
    for different purposes.
- Added updater to Makefile
- Fix trailing ',' in the Boulder config, add more panic logging
- Ignore .pem files produced by the integration test
- Change RPC to use per-instance named reply-to queues.
- Finish OCSP Updater logic
- Rework RPC for OCSP to use a transfer object (due to serialization problems of x509.Certificate)
2015-05-27 22:01:29 -07:00
J.C. Jones 343920cfe3 Fix integration test while running with MySQL
- Add SQL configuration options
- Increase the width of the authz and pending_authz tables' challenges field
- Make it configurable whether CREATE TABLE commands should run
2015-05-27 13:39:18 -07:00
J.C. Jones f15da06af7 Issue #238 - MySql column width too narrow
- Added SQL debug logging (SA option: "SQLDebug")
- Added timestamps to the log prints to stdout
- Ignore *.pem in test/js
- Modified start.sh to support environment overrides for BOULDER_CONFIG, like the AMQP mode
- Changed boulder-test-config to open the server on the loopback device, so as to not cause firewall prompts on each integration test run for those of us being restrictive
- Renamed "key" column to "jwk" in DB, to avoid keyword conflict
- Set MaxLength on "jwk" column to 512
2015-05-27 12:12:41 -07:00
Jacob Hoffman-Andrews 19fd285859 Merge pull request #223 from rolandshoemaker/revoker
admin-revoker tool
2015-05-26 14:37:33 -07:00
Roland Shoemaker 0ab71bed62 initial revoker work 2015-05-23 12:46:56 +01:00
Richard Barnes c4931286a5 First pass 2015-05-22 19:11:13 -04:00
Roland Shoemaker a56d90d501 actually add config field 2015-05-20 13:14:22 -07:00
J.C. Jones 42302541bd Run `go fmt` for PR #186 2015-05-18 18:44:38 -07:00
Richard Barnes c3b312118e Add audit logging
- Auditing for general errors in executables
- Auditing for improper messages received by WFE
- Automatic audit logging of software errors
- Audit logging for mis-routed messages
- Audit logging for certificate requests
- Auditing for improper messages received by WFE
- Add audit events table
- Expect more details in TestRegistration in web-front-end_test.go
- Remove "extra" debug details from web-front-end.go per Issue #174
- Improve test coverage of web-front-end.go
- WFE audit updates for revocation support rebase
- Add audit messages to RPC for Improper Messages and Error Conditions
- Also note misrouted messages
2015-05-18 18:23:08 -07:00
Roland Shoemaker 1276d82146 Add /acme/issuer-cert endpoint and up links to it
In /acme/new-cert and /acme/cert/<serial>.
2015-05-10 21:35:28 -07:00
Jacob Hoffman-Andrews 8e30ff81fb Partly done implementation of revoke. 2015-04-29 18:36:26 -07:00
Roland Shoemaker 3a456d8705 add config section for smtp settings 2015-04-17 18:37:13 -07:00
jsha cb615e86c6 Merge pull request #90 from letsencrypt/85-relational_db_in_ca
Add Relational DB support to CA (Issue #85)
2015-04-15 16:31:52 -04:00
Roland Shoemaker e9ac01f0f1 various error catch cleanups 2015-04-14 18:08:35 -07:00
Roland Shoemaker 12a5756a24 address @jcjmoz comments 2015-04-13 21:20:57 -07:00
J.C. Jones e389f98ba2 Fixes for golint 2015-04-13 16:24:35 -07:00
J.C. Jones b5377616e8 Implement serial use in CA
- Upstream CFSSL update broke a test in certificate-authority_test.go
  See https://github.com/cloudflare/cfssl/issues/156
- Added "SerialPrefix" to config, letting you set a prefix to the generated
  serial numbers.
2015-04-13 16:24:35 -07:00
Roland Shoemaker ed4a147737 fix conflict 2015-04-12 21:55:01 -07:00
Roland Shoemaker 4967e9486d hook in everywhere, add Noop client in tests 2015-04-12 21:50:07 -07:00
Roland Shoemaker e7f2f4f90c hook cmd.ProfileCmd into all the polylithic clients 2015-04-12 20:26:02 -07:00
Roland Shoemaker f64665cd1b better statsd hooks 2015-04-12 18:02:00 -07:00
J.C. Jones 97b356fcd4 Add a Certificate Authority Database stub
* A few tests, but they don't all pass
* needs actual DB code
2015-04-12 08:10:28 -07:00
James 'J.C.' Jones ea4b0be56c Merge pull request #88 from jsha/better-test
Simplify running Boulder with cfssl
2015-04-12 08:10:11 -07:00
Jacob Hoffman-Andrews 4bdec58e05 Include cfssl in vendored deps.
And introduce a start.sh that starts both boulder and cfssl.
2015-04-10 16:39:56 -07:00
J.C. Jones ab538ec332 go fmt updates 2015-04-08 21:03:08 -07:00
Roland Shoemaker e8ac96d68d fixes re: @jcjones 2015-04-08 19:17:39 -07:00
Roland Shoemaker fe16dc3ce9 reconnect to amqp channels and rewire clients on amqp server restart/conn dropped 2015-04-03 17:54:11 -07:00
jsha e077548886 Merge pull request #65 from letsencrypt/vendorize
Vendorize all dependencies with godep.
2015-03-26 19:12:15 -07:00
Jacob Hoffman-Andrews a0b06f3edd Rewrite paths again. 2015-03-26 17:01:01 -07:00
Jacob Hoffman-Andrews 2940bb3c7c Merge branch 'vendorize' into vendorize2
Conflicts:
	analysis/analysis-engine.go
	analysis/analysis-engine_test.go
	ca/certificate-authority.go
	ca/certificate-authority_test.go
	cmd/activity-monitor/main.go
	cmd/boulder-sa/main.go
	cmd/boulder/main.go
	cmd/mkcrl/main.go
	cmd/mkroot/main.go
	cmd/shell.go
	ra/registration-authority_test.go
	rpc/amqp-rpc.go
	rpc/rpc-wrappers.go
2015-03-26 14:21:48 -07:00
Jacob Hoffman-Andrews 99bf61c0ac Add Godeps. 2015-03-26 14:20:34 -07:00
Jacob Hoffman-Andrews 41651ca568 Fix up some files that I missed in vendor rewrite 2015-03-25 15:40:52 -07:00
Peter Eckersley ccbbeccb00 gofmt 2015-03-25 14:52:50 -07:00
Peter Eckersley 5eac0cda09 Add a "TestMode" config option
This makes the same change as PR #59, but allows test mode to be turned
back on with a config option.
2015-03-25 12:58:57 -07:00
J.C. Jones 151274f1b3 Rework audit logging. Issue #23. 2015-03-24 17:36:26 -07:00
Richard Barnes e6a580ebbb Migration of CA to individual binary 2015-03-21 18:26:00 -05:00
Richard Barnes 241e6bd124 New app shell construct and an example usage 2015-03-21 18:05:59 -05:00