Jacob Hoffman-Andrews
aef83a3d02
Change core.Certificate.DER to []byte.
...
Fixes https://github.com/letsencrypt/boulder/issues/519.
The previous type, JSONBuffer, was triggering a subtle bug when scanning
multiple rows from MySQL. Since this struct is not serialized as JOSE it
doesn't need to have the JSONBuffer type.
The test for this fix is blocked on
https://github.com/letsencrypt/boulder/issues/132, so I filed a separate issue
to follow up with a test:
https://github.com/letsencrypt/boulder/issues/536
2015-07-26 01:34:02 -07:00
Tom Clegg
a843772736
Follow CNAME and DNAME during CAA lookups, cf. RFC 6844.
2015-07-26 01:25:30 -04:00
Tom Clegg
d30ea8a4b6
Distinguish between "lookup failed" and "CNAME does not exist" in LookupCNAME.
2015-07-25 05:47:15 -04:00
Roland Shoemaker
8a577df190
Merge master
2015-07-24 17:41:14 -07:00
Roland Shoemaker
bd9286dd5b
Merge branch 'master' into mailer
2015-07-24 16:36:50 -07:00
Jacob Hoffman-Andrews
9423467142
Switch to our own fork of go-jose.
...
This is the result of `godep save -r ./...` and
`git rm -r -f Godeps/_workspace/src/github.com/square`
Our fork is currently at the head of go-jose when Richard made the local nonce
changes, with the nonce changes added on top. In other words, the newly created
files are exactly equal to the deleted files.
In a separate commit I will bring our own go-jose fork up to the remote head,
then update our deps.
Also note: Square's go-jose repo contains a `cipher` package. Since we don't
make any changes to that package, we leave it imported as-is.
2015-07-24 14:39:00 -07:00
Jacob Hoffman-Andrews
620a012c62
Rewrite go-jose dependencies to our fork.
2015-07-24 14:16:01 -07:00
Roland Shoemaker
7f5da3b8bc
Merge pull request #521 from letsencrypt/remove_v
...
remove incorrect uses of %v, use specific verbs
2015-07-24 13:00:29 -07:00
Roland Shoemaker
a960fa0393
Store redirects, reconstruct transport on redirect, add redirect + lookup tests
2015-07-24 12:05:27 -07:00
Jeff Hodges
8975601d5e
correct bodyStr->body
2015-07-23 17:41:15 -07:00
Roland Shoemaker
6c2f3ea8cc
Merge branch 'master' into mailer
2015-07-23 15:33:43 -07:00
Roland Shoemaker
b5f519d22d
Rework how the expiration mailer looks for certificates
2015-07-23 15:33:28 -07:00
Roland Shoemaker
5face2bf08
Merge master
2015-07-23 00:13:24 -07:00
Jacob Hoffman-Andrews
941df62ad4
Switch to AuditObject for CSR logging.
...
This allows us to log the remote address and registration object along with the
CSR.
Also, restore part of a comment on CertificateRequest that was deleted.
2015-07-22 16:32:11 -07:00
Jacob Hoffman-Andrews
6952aebeb3
Record initial application CSR.
...
Fixes https://github.com/letsencrypt/boulder/issues/493.
Also, modify MockSyslogWriter so that it implements the SyslogWriter interface
(no pointer receivers).
2015-07-22 15:34:59 -07:00
Roland Shoemaker
31f0674f03
Replace net.LookupMX with core.LookupMX using defined resolver
2015-07-21 22:36:29 -07:00
Roland Shoemaker
d0049adb4c
Log IPs in a better place, by storing them in the challenge objects!
2015-07-21 19:45:40 -07:00
Richard Barnes
d8a12d8073
Addressing @bifurcation comments
2015-07-21 16:42:23 +02:00
Jeremy Gillula
867ce685f8
First cut of command-line tool for importing certs from other external sources like the SSL Observatory, Certificate Transparency, and scans.io
2015-07-15 18:38:35 -07:00
Roland Shoemaker
0cea5dffd0
Remove dangling timeout workarounds
2015-07-08 22:11:56 +01:00
Roland Shoemaker
a767daed4d
Rebase on #438 and cleanup
2015-07-08 22:07:21 +01:00
Roland Shoemaker
3aa6befb0b
Review fixes
2015-07-08 20:57:58 +01:00
Roland Shoemaker
34bd2a2915
Review fixes
2015-07-08 20:56:59 +01:00
Roland Shoemaker
b8bc60ddfb
Remove core.DNSSECProblem definition
2015-07-08 20:52:40 +01:00
Roland Shoemaker
cb1ddfaf78
Add parseDNSError method and use it to provide better problem detail, also add test workaround for timeouts until #401 is fixed
2015-07-08 20:52:40 +01:00
Roland Shoemaker
dfed747a99
Put LookupHost back, and re-add checks to validateSimpleHTTP and validateDvsni
2015-07-08 20:48:42 +01:00
Roland Shoemaker
a4eaf65741
Clarify comments
2015-07-08 20:48:42 +01:00
Roland Shoemaker
2d339651d7
Remove LookupDNSSEC and LookupHosts methods, and their usage, log SERVFAIL from resolver and query type it came from, ignore SERVFAIL from LookupCAA
2015-07-08 20:47:46 +01:00
Roland Shoemaker
624581518d
Consistent domain usage, DNSResolver comment, and empty CAA test
2015-07-07 22:31:44 +01:00
Roland Shoemaker
1fb48d1fd4
Extend DNS tests and fix miekg/dns bug
2015-07-07 22:31:44 +01:00
Roland Shoemaker
94a77b421d
Remove debug statement
2015-07-07 22:31:44 +01:00
Roland Shoemaker
f6248ef279
Flesh out DNS mock methods, and move them to their own sub-module instead of under test/ to avoid import loop, Add Loopback DNS resolver for core/dns_test.go
2015-07-07 22:31:44 +01:00
Richard Barnes
ebaad0f727
Add nonce error propagation to nonce.go
2015-06-23 12:14:23 -07:00
Jacob Hoffman-Andrews
5e11d333d4
Add implementation of ChallengesFor ProofOfPosession.f
2015-06-22 18:01:18 -07:00
Jacob Hoffman-Andrews
70bb5e8364
Add a PA test.
2015-06-22 16:33:09 -07:00
Jacob Hoffman-Andrews
c301b87e3d
Merge branch 'master' into existing-cert
2015-06-22 14:54:28 -07:00
J.C. Jones
d712bcc8a8
Fixes #382: Log more consistently
2015-06-20 10:48:14 -07:00
Brad Warren
c092d41348
Merge remote-tracking branch 'upstream/master' into errors
2015-06-19 13:25:38 -07:00
Brad Warren
cd1acd0462
Merge remote-tracking branch 'upstream/master' into errors
2015-06-19 12:51:19 -07:00
Brad Warren
9312fb7eae
Allowed for more detailed error messages:
2015-06-19 12:51:09 -07:00
Roland Shoemaker
1b65434256
Merge master
2015-06-19 20:16:16 +01:00
Roland Shoemaker
ccb46eb967
Fix comment typo
2015-06-19 20:10:22 +01:00
Roland Shoemaker
cd10bd4726
Add DNSSEC check for A/AAAA records to validateSimpleHTTP and validateDvsni
2015-06-19 20:03:27 +01:00
Roland Shoemaker
2ed840e4c3
Add better CNAME/CAA comments
2015-06-19 19:18:18 +01:00
Roland Shoemaker
948cca7172
Consolidate CAA functions into va/validation-authority.go and core/dns.go
2015-06-19 19:06:50 +01:00
Roland Shoemaker
d6ed289e05
Remove duplicate error check
2015-06-18 16:36:39 -07:00
Roland Shoemaker
7e4b52e69a
Merge pull request #369 from bradmw/errors
...
Validation Errors
2015-06-18 16:33:30 -07:00
James 'J.C.' Jones
4e7818ac7f
Merge pull request #370 from letsencrypt/dns_lookuptxt_error_nilptr
...
Fix null pointer panic when LookupTXT fails at the DNS Resolver
2015-06-18 16:03:39 -07:00
Jacob Hoffman-Andrews
d6e64835cc
Store data on existing certs.
2015-06-18 15:35:23 -07:00
J.C. Jones
1b484608f4
Fix null pointer panic when LookupTXT fails at the DNS Resolver
...
Seen in https://travis-ci.org/letsencrypt/boulder/builds/67439063
(Update: Don't send a nil duration)
2015-06-18 15:25:10 -07:00
Brad Warren
d7968f2163
Merge remote-tracking branch 'upstream/master' into errors
2015-06-18 14:49:33 -07:00
James 'J.C.' Jones
609b534e98
Merge pull request #366 from letsencrypt/match-ip-email
...
Check IPAddresses and EmailAddresses in Certificate.MatchesCSR
2015-06-18 14:36:16 -07:00
Brad Warren
38b8701ae9
Merge remote-tracking branch 'upstream/master' into errors
2015-06-18 14:10:43 -07:00
Brad Warren
93ff18b365
Finished adding validation errors
2015-06-18 14:10:24 -07:00
Brad Warren
f19cad3a04
Additional cleanup of error handling
2015-06-18 10:08:59 -07:00
Roland Shoemaker
f89b32b420
Check IPAddresses and EmailAddresses in Certificate.MatchesCSR
2015-06-17 18:53:02 -07:00
Roland Shoemaker
403af37a39
Hide Authorization.Expires field when uninitialized
2015-06-17 18:34:30 -07:00
Brad Warren
6fac234036
Updated error messages and internal error handling
2015-06-17 10:56:46 -07:00
J.C. Jones
41f5788c77
Correct most `go lint` warnings. (274 -> 5)
2015-06-16 22:18:28 -05:00
J.C. Jones
b24f6b23fe
Moved to `miekg/dns` for the VA.
...
- Created some helper methods to run DNSSEC and reduce code reuse
- Support multiple DNS servers, but not in the Config file (yet)
- Fix typo; r=@rolandshoemaker
2015-06-16 19:37:15 -05:00
Brad Warren
b094c81371
Merge remote-tracking branch 'upstream/master' into errors
2015-06-16 10:59:16 -07:00
J.C. Jones
cc97492a54
Issue #11: Basic DNS Challenge support
2015-06-16 09:03:03 -05:00
Brad Warren
3ca3d9b283
Finished adding basic errors
2015-06-15 19:30:11 -07:00
Roland Shoemaker
01c41c1bd0
Merge pull request #354 from letsencrypt/344-internal_server_errors
...
Resolves Issue #344: Only send InternalServerError when needed
2015-06-15 15:57:04 -07:00
Jacob Hoffman-Andrews
80d5e50e42
Enable revocation by account key.
...
In addition to cert private key. This required modifying the GetCertificate*
functions to return core.Certificate instead of certificate bytes.
2015-06-15 12:33:50 -07:00
J.C. Jones
1474b7f21f
Resolves Issue #344: Only send InternalServerError when needed
...
Basically, just send InternalServerError when it indicates an internal state
was broken.
2015-06-13 00:21:44 -05:00
Roland Shoemaker
f4ee29d1d3
Change all references from SimpleHTTPS -> SimpleHTTP
2015-06-12 11:22:04 -07:00
Roland Shoemaker
ef3adda09b
Switch TLS to pointer
2015-06-11 22:08:38 -07:00
Roland Shoemaker
c301125e93
Add TLS field to core.Challenge per spec
2015-06-11 17:12:50 -07:00
J.C. Jones
2ad15a4a85
Issue #309: Produce OCSP Responses immediately upon issuance, if at all possible.
...
This approach performs a best-effort generation of the first OCSP response during
certificate issuance. In the event that OCSP generation fails, it logs a warning at
the Boulder-CA console, but returns successfully since the Certificate was itself
issued.
2015-06-11 11:31:04 -05:00
Roland Shoemaker
b38ebe18fc
Merge remote-tracking branch 'upstream/master' into better-caa
2015-06-10 15:57:05 -07:00
bifurcation
676ebf721f
Merge pull request #325 from letsencrypt/anti-replay
...
Add an anti-replay nonce facility
2015-06-10 16:55:20 -04:00
Roland Shoemaker
0265b6f5d0
Merge upstream/master and fix conflicts
2015-06-10 12:43:11 -07:00
Richard Barnes
801810d2bd
Removing extraneous printfs
2015-06-10 15:28:25 -04:00
Richard Barnes
22bff4e537
Transition from random nonces to encrypted counters (for real)
2015-06-09 17:43:04 -04:00
J.C. Jones
76f7b1c1e4
Improve build identification
...
New example:
2015/06/09 09:20:13 Versions: boulder=(generate_ocsp +0c101f2 Tue Jun 9 16:20:06 UTC 2015) Golang=(devel +46b4f67 Thu Apr 16 20:01:13 2015 +0000) BuildHost=(user@vm.local )
2015-06-09 09:22:29 -07:00
Roland Shoemaker
603e625758
Remove debug statement
2015-06-08 18:09:02 -07:00
Roland Shoemaker
bc2c28a5ce
Check Challenge.Path isn't malformed in Challenge.IsSane
2015-06-08 18:02:01 -07:00
Roland Shoemaker
370b6f9bf9
Return error from core.GoodKey
2015-06-06 17:12:16 -07:00
Roland Shoemaker
75a40e3597
Fix typo
2015-06-06 06:15:19 -07:00
Roland Shoemaker
bb5c042cef
Fix tests and various other cleanup
2015-06-06 02:06:35 +01:00
Roland Shoemaker
d6591ada58
Speed up test
2015-06-05 19:03:45 +01:00
Roland Shoemaker
0bfc50b7e5
Add check for max key size
2015-06-05 19:02:10 +01:00
James 'J.C.' Jones
6a4aa8de3c
Merge pull request #304 from letsencrypt/296-ca_tx_move
...
Issue #296: Fix erroneous transaction handling in CA
2015-06-03 22:10:43 -07:00
James 'J.C.' Jones
a3521bcb61
Merge pull request #277 from rolandshoemaker/check-cert
...
Check generated certificate matches CSR
2015-06-03 22:10:35 -07:00
J.C. Jones
27f5aebbcd
Updates per review
2015-06-03 21:57:01 -07:00
J.C. Jones
abdc174be8
Issue #296: Fix erroneous transaction handling in CA
...
- Moved the transaction handling up to the `certificate-authority.go` file
- Simplified `certificate-authority-data.go`
- Created a mocks file in `test/` and reworked RA and CA to use it
- More audit logging to CA
2015-06-03 19:23:24 -07:00
Roland Shoemaker
78e621c95f
further review fixes
2015-06-03 00:27:08 +01:00
bifurcation
04479eca5c
Merge pull request #291 from letsencrypt/fix-revocation
...
Revert change to revocation from #275
2015-06-02 17:52:35 -04:00
Jacob Hoffman-Andrews
7a60d431d6
Revert "Supporess the 'expires' field in public Authorizations"
...
This reverts commit d47b7c12ac.
Conflicts:
core/objects.go
wfe/web-front-end.go
2015-06-02 12:02:05 -07:00
Jacob Hoffman-Andrews
026cb424fc
Revert "Replace RevokeCertficate with something more in line with the spec"
...
This reverts commit b1bad40fe6.
Conflicts:
wfe/web-front-end.go
2015-06-02 10:45:54 -07:00
Roland Shoemaker
51890a9626
Move cert-csr check to boulder/core and review fixes
2015-06-02 17:56:28 +01:00
Roland Shoemaker
e5bf16711c
Add generated cert checks
2015-06-01 14:00:49 +01:00
Richard Barnes
bfd9e4ac20
Fixing JCJ nits
2015-06-01 02:11:10 -04:00
Richard Barnes
b1bad40fe6
Replace RevokeCertficate with something more in line with the spec
2015-06-01 02:11:10 -04:00
Richard Barnes
d47b7c12ac
Supporess the 'expires' field in public Authorizations
2015-06-01 02:08:47 -04:00
Richard Barnes
e8edbf5f21
Making capitalization consistent with Go standards
2015-06-01 02:08:47 -04:00
Richard Barnes
acc6963a90
Some simplifications to good_key.go
2015-06-01 02:05:17 -04:00
Richard Barnes
9917ca17f6
Clean up TODOs
2015-06-01 02:05:17 -04:00
Richard Barnes
c0bacc3fb6
Add more detailed error code reporting
2015-05-31 15:58:08 -04:00
Richard Barnes
c3c52eda17
Merge branch 'master' into check-validity2
2015-05-31 13:32:44 -04:00
James 'J.C.' Jones
3e593d73c9
Merge pull request #262 from letsencrypt/ra-tests
...
Miscellaneous Fixes
2015-05-30 22:08:49 -07:00
Richard Barnes
9b747d08be
More tests
2015-05-30 15:29:58 -04:00
Richard Barnes
7a09c78788
Issue #254
2015-05-30 13:21:36 -04:00
bifurcation
441ce328c7
Merge pull request #255 from letsencrypt/202-ocsp-responder
...
Issue #202: Initial OCSP Responder
2015-05-30 13:10:50 -04:00
Richard Barnes
a684177a09
Issue #236
2015-05-30 11:08:18 -04:00
Jacob Hoffman-Andrews
9653974130
Remove spurious objects.go.orig.
2015-05-29 13:25:49 -07:00
Jacob Hoffman-Andrews
92967f03b6
go fmt
2015-05-29 13:11:57 -07:00
Jacob Hoffman-Andrews
6a6a8aa72d
Merge branch 'master' into goodkey
...
Conflicts:
ca/certificate-authority.go
ra/registration-authority.go
ra/registration-authority_test.go
2015-05-29 12:26:24 -07:00
Roland Shoemaker
8846fd2c90
Merge upstream/master
2015-05-29 09:36:46 +01:00
J.C. Jones
4518f0bf17
Migrate CADB to using GORP.
2015-05-28 23:11:03 -07:00
Richard Barnes
68fc8a8f4f
More rebase
2015-05-28 20:35:29 -07:00
Richard Barnes
0d7555b7af
Rebase on master
2015-05-28 20:34:47 -07:00
Richard Barnes
b59682cb91
Add validity interval checking
2015-05-28 20:30:46 -07:00
J.C. Jones
8766edaa93
Issue #239 - Add a build ID method to WFE, and print Info on startup for all
2015-05-28 11:13:09 -07:00
J.C. Jones
d1321f2d78
More RPC fixes for Issue #202
...
- NewPendingAuthorization now uses a core.Authorization object, so
that foreign key constraints are followed
- core.Authorization now serializes RegistrationID to JSON, so it has to get
blanked out in WFE before transmission to client.
- Remove ParsedCertificate from core.Certificate, as type x509.Certificate cannot
be marshaled.
- Added AssertDeepEquals and AssertMarhsaledEquals to test-tools.go
- Caught several overloaded and misleadingly named errors in WFE
2015-05-28 11:05:55 -07:00
Roland Shoemaker
81c7466e97
add rpc-wrapper and interface code
2015-05-28 09:58:16 +01:00
J.C. Jones
e4e52e7315
More work on Issue #202 for RPC functions
...
- Fix a bunch of typos in rpc-wrappers.go
- Unblank `id` in core.Registration JSON:
- It's not spec, but it's not hurting anything, and we reveal it to clients anyway.
- We need knowledge of the ID in RPC, so if we don't want to include this in the object, we need to make a transfer object to wrap it.
- Make the RPC logs much clearer as to who's talking to who
- Typo in WFE where we called a registration an authz
2015-05-27 23:37:12 -07:00
J.C. Jones
af0f8446eb
Issue #202, Periodic OCSP Signer Tool
...
- Move dbMap construction and type converter into individual files in the sa package.
- Add DB configuration for the OCSP tool to the boulder config:
- left to the user if they want to use different boulder-config.json files
for different purposes.
- Added updater to Makefile
- Fix trailing ',' in the Boulder config, add more panic logging
- Ignore .pem files produced by the integration test
- Change RPC to use per-instance named reply-to queues.
- Finish OCSP Updater logic
- Rework RPC for OCSP to use a transfer object (due to serialization problems of x509.Certificate)
2015-05-27 22:01:29 -07:00
J.C. Jones
343920cfe3
Fix integration test while running with MySQL
...
- Add SQL configuration options
- Increase the width of the authz and pending_authz tables' challenges field
- Make it configurable whether CREATE TABLE commands should run
2015-05-27 13:39:18 -07:00
J.C. Jones
f15da06af7
Issue #238 - MySql column width too narrow
...
- Added SQL debug logging (SA option: "SQLDebug")
- Added timestamps to the log prints to stdout
- Ignore *.pem in test/js
- Modified start.sh to support environment overrides for BOULDER_CONFIG, like the AMQP mode
- Changed boulder-test-config to open the server on the loopback device, so as to not cause firewall prompts on each integration test run for those of us being restrictive
- Renamed "key" column to "jwk" in DB, to avoid keyword conflict
- Set MaxLength on "jwk" column to 512
2015-05-27 12:12:41 -07:00
Jacob Hoffman-Andrews
6c6199023d
Merge pull request #231 from letsencrypt/230-unknown-key-type
...
Resolved Issue #230
2015-05-26 15:05:34 -07:00
J.C. Jones
bc3acca096
Resolved Issue #230
...
- Move setting the core.Registration.Key field from RA.NewRegistration to
WFE.NewRegistration to avoid a chicken-and-egg problem.
- Note: I kept the RPC wrapper object even though it now only has one field.
Seems like it's a good practice to use wrapper objects, even though we don't
everywhere.
2015-05-26 14:44:15 -07:00
Jacob Hoffman-Andrews
19fd285859
Merge pull request #223 from rolandshoemaker/revoker
...
admin-revoker tool
2015-05-26 14:37:33 -07:00
Roland Shoemaker
e1eeebce52
Only run validations against updated challenges (instead of everything)
2015-05-26 17:08:49 +01:00
Roland Shoemaker
d184862427
gofmt and move deniedCSR table creation back to SA
2015-05-25 01:17:28 +01:00
Roland Shoemaker
0ab71bed62
initial revoker work
2015-05-23 12:46:56 +01:00
James 'J.C.' Jones
f63c8ec5ca
Merge pull request #218 from letsencrypt/204_audit_challenges
...
Audit all Challenges (success/failure) in VA for Issue #204
2015-05-21 14:23:54 -07:00
J.C. Jones
1c9837ddf8
Audit all Challenges (success/failure) in VA for Issue #204
...
- Don't ignore entropy underruns in challenges.go
- Correct identity crisis in Policy Authority; hopefully it will remember.
- Add a method `AuditObject` in audit-logger and convert RA/VA to use it
- Fix json typo in registration-authority that caused empty audit logs
- Fix vet issue in WFE where RegID was being printed as a 32-bit int instead of 64-bit
- Unfix the issue in WFE where RegID isn't right, per PR #215
2015-05-21 13:58:40 -07:00
Roland Shoemaker
870f02917c
check subscriber agreement in new/updated registrations
2015-05-18 20:56:51 -07:00
J.C. Jones
42302541bd
Run `go fmt` for PR #186
2015-05-18 18:44:38 -07:00
Richard Barnes
c3b312118e
Add audit logging
...
- Auditing for general errors in executables
- Auditing for improper messages received by WFE
- Automatic audit logging of software errors
- Audit logging for mis-routed messages
- Audit logging for certificate requests
- Auditing for improper messages received by WFE
- Add audit events table
- Expect more details in TestRegistration in web-front-end_test.go
- Remove "extra" debug details from web-front-end.go per Issue #174
- Improve test coverage of web-front-end.go
- WFE audit updates for revocation support rebase
- Add audit messages to RPC for Improper Messages and Error Conditions
- Also note misrouted messages
2015-05-18 18:23:08 -07:00
Roland Shoemaker
e1ba291019
Store registration ID with certificate
2015-05-16 13:47:51 -07:00
Roland Shoemaker
faa1d5ac45
review cleanups
2015-05-16 13:25:36 -07:00
Roland Shoemaker
e233fdaa61
switch authz and pending_authz to store registration ID instead of key (and update all the random stuff they touched)
2015-05-14 14:14:36 -07:00
James 'J.C.' Jones
6be5c4910e
Merge pull request #185 from rolandshoemaker/deny-store
...
Store and check previously denied CSRs
2015-05-14 09:03:06 -07:00
Roland Shoemaker
b9745cf894
check key is associated with existing registration in verifyPOST
2015-05-13 19:16:20 -07:00
Jacob Hoffman-Andrews
aa8c20f84a
Fixes in response to review feedback.
2015-05-13 17:36:39 -07:00
Jacob Hoffman-Andrews
3eed9e3f7c
Move to Square's go-jose library.
2015-05-13 17:36:38 -07:00
Roland Shoemaker
5d5eea7071
switch to only store dns names
2015-05-13 12:08:50 -07:00
Roland Shoemaker
314fb5e9f6
add WFE marshaling test
2015-05-12 21:04:48 -07:00
Roland Shoemaker
07182500eb
add missing rpc methods
2015-05-12 00:08:48 -07:00
Roland Shoemaker
d95c552ab4
add denied csr table and AddDeniedCSR + AlreadyDeniedCSR methods for checking, added AddDeniedCSR to ra.NewCertificate
2015-05-11 23:02:39 -07:00
Roland Shoemaker
1bf93f42ec
add anonymous tags to LockCol fields on core objects
2015-05-11 21:57:45 -07:00
Jacob Hoffman-Andrews
915956c779
Once, initialize small primes as big.Int
2015-05-09 11:54:34 -07:00
Jacob Hoffman-Andrews
cb00816e48
Merge branch 'goodkey' of github.com:letsencrypt/boulder into goodkey
...
Conflicts:
ca/certificate-authority.go
core/good_key.go
core/good_key_test.go
2015-05-09 11:48:32 -07:00
Jacob Hoffman-Andrews
ea457f7167
Split out RSA/ECDSA functions.
2015-05-09 11:34:13 -07:00
Jacob Hoffman-Andrews
34a6e1511d
Add good_key.go.
2015-05-09 11:24:47 -07:00
Jacob Hoffman-Andrews
8acae627eb
Fix sanity checking for challenges.
...
Also add more debug logging.
2015-05-08 15:32:11 -07:00
jsha
8b1139be70
Merge pull request #149 from rolandshoemaker/gorp
...
Switch SQL backend to gorp
2015-05-08 09:47:46 -07:00
jsha
b47d402533
Merge pull request #154 from rolandshoemaker/sanity
...
Challenge sanity check
2015-05-08 08:48:04 -07:00
Roland Shoemaker
79b8958f70
fix conflict
2015-05-07 02:07:32 -07:00
Roland Shoemaker
651689711f
move table comments from SA to relevant core object fields
2015-05-06 21:56:05 -07:00
Roland Shoemaker
1cc1df2726
use core objects as models (except for pending/final authz)
2015-05-06 21:45:37 -07:00
Roland Shoemaker
3f6bf6d35d
add status check
2015-05-06 17:24:26 -07:00
Jacob Hoffman-Andrews
0882e34ec6
Add testing for small prime divisibility.
2015-05-06 16:51:13 -07:00
Jacob Hoffman-Andrews
02421fefd9
Add tests.
2015-05-06 16:10:00 -07:00
Roland Shoemaker
771d6d9b6d
add serial conv. functions and basic tests
2015-05-06 16:07:19 -07:00
Roland Shoemaker
07310b5fa1
hook sanity check into VA and RA
2015-05-06 15:19:21 -07:00
Jacob Hoffman-Andrews
f778ba12de
Implement key checking in RA and CA.
2015-05-06 10:25:30 -07:00
Roland Shoemaker
d555e0d0c5
proper nonce test
2015-05-06 01:08:49 -07:00
Roland Shoemaker
e3f9e142f8
sanity test
2015-05-06 00:51:37 -07:00
Roland Shoemaker
aea9fbf0f7
challenge sanity check
2015-05-06 00:16:53 -07:00
Jacob Hoffman-Andrews
175fc26450
Add good_key.go.
2015-05-05 19:03:06 -07:00
Roland Shoemaker
1cee83c262
add db tags to structs we are embedding, update models, add custom type converter, simplify DumpTables (+ fix it), move GetCert... methods to gorp
2015-05-02 21:28:39 -07:00
Jacob Hoffman-Andrews
ac78f333f8
Merge branch 'master' into ocsp-table
...
Conflicts:
ca/certificate-authority.go
ca/certificate-authority_test.go
cmd/boulder-ca/main.go
cmd/boulder/main.go
sa/storage-authority.go
sa/storage-authority_test.go
2015-05-02 11:10:05 -07:00
J.C. Jones
9c272cebe8
Resolve comments from PR #141
2015-05-01 22:06:38 -07:00
Peter Eckersley
1543a71c3e
Remove stray code...
2015-05-01 22:04:00 -07:00
Peter Eckersley
d609aebc3f
Some NewToken tests
2015-05-01 22:03:59 -07:00
Peter Eckersley
f00848e115
Hypothetical RNG failure handling
2015-05-01 22:03:59 -07:00
Jacob Hoffman-Andrews
7352757086
Add test
2015-05-01 16:01:50 -07:00
Jacob Hoffman-Andrews
79b548ad37
Add interface for RevokeCertificate.
2015-04-30 12:44:17 -07:00
Jacob Hoffman-Andrews
73603c95cf
Add reason code and fix index.
2015-04-30 11:31:36 -07:00
Jacob Hoffman-Andrews
8e30ff81fb
Partly done implementation of revoke.
2015-04-29 18:36:26 -07:00
Jacob Hoffman-Andrews
1d2c6a5d7c
Split out GetCertificate / GetCertificateByShortSerial.
...
Also stub out some initial revocation code.
2015-04-29 11:48:08 -07:00
Jacob Hoffman-Andrews
7145207104
Add initial certificate status in SA.
...
Also improve test tools.
2015-04-23 19:52:34 -07:00
Jacob Hoffman-Andrews
7d8ef9a019
Fix tests and tidy up for review.
2015-04-18 23:44:42 -04:00
Jacob Hoffman-Andrews
431ad092eb
Query certs by sequential part of serial number.
...
Also refactor WFE for better initialization and change StorageAuthority to
support this type of query.
2015-04-18 00:48:19 -04:00
J.C. Jones
e389f98ba2
Fixes for golint
2015-04-13 16:24:35 -07:00
J.C. Jones
e972647b5e
Serial number get-and-increment method
...
Add stubs for integration with Issue #83.
2015-04-12 08:10:28 -07:00
J.C. Jones
97b356fcd4
Add a Certificate Authority Database stub
...
* A few tests, but they don't all pass
* needs actual DB code
2015-04-12 08:10:28 -07:00
Jacob Hoffman-Andrews
84df10fd6e
Add empty tests where missing.
...
This will bring our coverage numbers down to a more meaningful number, and will
mean that we can start aiming to increase them monotonically.
2015-04-07 11:27:33 -07:00
J.C. Jones
33db859a5d
Fix non-compliance issue stemming from PR #31.
...
Caught by @kuba, thanks!
2015-03-24 09:18:03 -07:00
J.C. Jones
4e0aa900c9
Rebase 'lint-errcheck-fixes' of git://github.com/mvdan/boulder to letsencrypt/master
...
Conflicts:
cmd/boulder-start/main.go
core/interfaces.go
core/objects.go
core/util.go
ra/registration-authority.go
ra/registration-authority_test.go
rpc/rpc-wrappers.go
va/validation-authority.go
wfe/web-front-end.go
2015-03-20 18:01:03 -07:00
J.C. Jones
e604b8edb9
Update per spec
...
- Spec says the Challenge objects contain a field "Validated" not "Completed."
- The Challenge object says "Validated" should be omitempty, but wasn't a pointer.
- Swapped to using pointers so it will not be "completed":"0001-01-01T00:00:00Z"
- Sort of related to [Issue #71 in Acme-Spec](https://github.com/letsencrypt/acme-spec/issues/71)
- Remove commented-out line from Dockerfile (whoops)
2015-03-20 15:37:53 -07:00
Richard Barnes
752e91d8eb
Initial policy authority
2015-03-16 12:55:05 -04:00
Richard Barnes
568bad588a
Identifier checking (syntax,blacklist,PSL)
2015-03-16 12:17:31 -04:00
Richard Barnes
96bd7e215a
Further plumbing of registrations
2015-03-15 15:33:05 -04:00
Richard Barnes
d938deb3fd
Separate resources for challenges [initial]
2015-03-14 19:07:16 -04:00
bifurcation
e3dd04e9b8
Merge pull request #34 from bifurcation/coverage
...
Improved test coverage in boulder/core
2015-03-14 13:19:52 -04:00
Richard Barnes
4db3f77607
Fixing 'go vet' issue
2015-03-14 13:09:06 -04:00
Richard Barnes
2c9ed3c792
Fixing errors discovered with increased testing.
2015-03-14 11:20:59 -04:00
Richard Barnes
227eb2fd36
Improved test coverage for 'core' module
2015-03-14 11:20:32 -04:00
Richard Barnes
8f4ea0efd8
Adapting to point to mainlined JOSE
2015-03-13 13:11:04 -07:00
Daniel Martí
91b12a2e1a
Simplify if err != nil structure when applicable
2015-03-12 12:46:18 +01:00
Daniel Martí
6c0c22b8f9
Separate imports from the standard library
2015-03-12 12:29:21 +01:00
Daniel Martí
d66e581736
Replace Https by HTTPS as per golint
2015-03-12 12:21:40 +01:00
Daniel Martí
880821801e
hash.Hash.Write() never returns an error
2015-03-12 12:18:37 +01:00
Daniel Martí
083fb1b7e7
Ignore rand.Read() errors uniformly
2015-03-12 12:18:30 +01:00
Daniel Martí
c931b559a8
Fix "if block ends with a return statement"
2015-03-12 12:13:50 +01:00
J.C. Jones
9d9ad5f1ab
Fix a 'vet' issue, and more travis cleaning
...
It'd be nice if I could simulate a travis build locally first...
2015-03-11 08:37:33 -06:00
Richard Barnes
37919058e5
Pulling out va module
2015-03-10 14:26:20 -07:00
Richard Barnes
b545ad6956
Pulling out ra module
2015-03-10 14:22:37 -07:00
Richard Barnes
c6673ade2e
Pulling out core module
2015-03-10 13:54:13 -07:00