01c41c1bd0
Merge pull request #354 from letsencrypt/344-internal_server_errors
...
Resolves Issue #344 : Only send InternalServerError when needed
2015-06-15 15:57:04 -07:00
80d5e50e42
Enable revocation by account key.
...
In addition to cert private key. This required modifying the GetCertificate*
functions to return core.Certificate instead of certificate bytes.
2015-06-15 12:33:50 -07:00
1474b7f21f
Resolves Issue #344 : Only send InternalServerError when needed
...
Basically, just send InternalServerError when it indicates an internal state
was broken.
2015-06-13 00:21:44 -05:00
615366636a
Send CORS headers
2015-06-11 22:26:16 -04:00
d398bd962a
Send an Allow header whenever we send 405
2015-06-11 22:12:01 -04:00
2ad15a4a85
Issue #309 : Produce OCSP Responses immediately upon issuance, if at all possible.
...
This approach performs a best-effort generation of the first OCSP response during
certificate issuance. In the event that OCSP generation fails, it logs a warning at
the Boulder-CA console, but returns successfully since the Certificate was itself
issued.
2015-06-11 11:31:04 -05:00
8289a6d2fa
Make tests pass
2015-06-09 17:43:16 -04:00
573e35ed56
Disallow multiple registrations with same key (and fix all related tests)
2015-06-04 20:21:59 +01:00
a3521bcb61
Merge pull request #277 from rolandshoemaker/check-cert
...
Check generated certificate matches CSR
2015-06-03 22:10:35 -07:00
78e621c95f
further review fixes
2015-06-03 00:27:08 +01:00
04479eca5c
Merge pull request #291 from letsencrypt/fix-revocation
...
Revert change to revocation from #275
2015-06-02 17:52:35 -04:00
7a60d431d6
Revert "Supporess the 'expires' field in public Authorizations"
...
This reverts commit d47b7c12ac
2015-06-02 12:02:05 -07:00
026cb424fc
Revert "Replace RevokeCertficate with something more in line with the spec"
...
This reverts commit b1bad40fe6
2015-06-02 10:45:54 -07:00
51890a9626
Move cert-csr check to boulder/core and review fixes
2015-06-02 17:56:28 +01:00
c830921b5a
WFE test comment cleanup
2015-06-01 16:39:21 +01:00
0048453fc8
remove JWS request generation cruft
2015-06-01 16:15:38 +01:00
33df806d25
wfe test fixes + DNSNames and CommonName cleanup
2015-06-01 15:01:24 +01:00
e5bf16711c
Add generated cert checks
2015-06-01 14:00:49 +01:00
b1bad40fe6
Replace RevokeCertficate with something more in line with the spec
2015-06-01 02:11:10 -04:00
d47b7c12ac
Supporess the 'expires' field in public Authorizations
2015-06-01 02:08:47 -04:00
7f8f12c91b
Fixing broken WFE tests due to agreement checking
2015-06-01 02:08:47 -04:00
a188c2c775
Fixing some additional cases from #265
2015-05-31 16:16:25 -04:00
466154cc61
Merge master
2015-05-31 16:13:06 -04:00
457f71a512
Merge master
2015-05-31 16:03:43 -04:00
c0bacc3fb6
Add more detailed error code reporting
2015-05-31 15:58:08 -04:00
c8d001b3fb
better MockCA IssueCertificate argument name
2015-05-31 20:47:18 +01:00
94a3a1effb
fix mock bug
2015-05-31 20:33:44 +01:00
170012808c
Remove invalid openssl signature comment
2015-05-31 20:21:03 +01:00
c67b4393a1
HandlePath work around
2015-05-31 11:37:14 +01:00
4afa15201b
Merge remote-tracking branch 'upstream/master' into wfe-tests
2015-05-31 11:33:05 +01:00
62d25cffe0
review cleanup
2015-05-31 11:32:55 +01:00
e563e831d2
store random cert as hex
2015-05-30 21:38:39 +01:00
ba8b84ef09
Another couple of test fixes
2015-05-30 14:41:18 -04:00
b2f78525dc
gofmt
2015-05-30 19:00:42 +01:00
c6b51176a2
add *even* more header checks
2015-05-30 18:59:01 +01:00
0493c8e4ff
add actual header checks
2015-05-30 18:44:48 +01:00
78bbc3e2e5
Add header checks
2015-05-30 18:37:43 +01:00
20e36a9dff
full IssueCertificate test
2015-05-30 18:36:03 +01:00
1fd691564d
Fix broken test, only run integration tests if unit tests pass.
2015-05-28 08:35:13 -07:00
bc3acca096
Resolved Issue #230
...
- Move setting the core.Registration.Key field from RA.NewRegistration to
WFE.NewRegistration to avoid a chicken-and-egg problem.
- Note: I kept the RPC wrapper object even though it now only has one field.
Seems like it's a good practice to use wrapper objects, even though we don't
everywhere.
2015-05-26 14:44:15 -07:00
74ecad349b
Merge upstream/master
2015-05-20 13:03:43 -07:00
0f4f17e82b
make sure user has agreed before any subsequent actions
2015-05-20 12:58:14 -07:00
8dd4c650bd
Disallow GETs for Registration.
...
Per the spec, authenticated requests must be signed by an account key, and
GET requests can't be signed under the current protocol. If the account holder
wishes to fetch their current registration, they can do so by posting a signed,
empty update to their registration resource.
Also fix a bug in generating registration URLs.
2015-05-19 12:44:04 -07:00
870f02917c
check subscriber agreement in new/updated registrations
2015-05-18 20:56:51 -07:00
97ff1c8423
merge upstream/master
2015-05-18 19:07:04 -07:00
1c7d0d5411
gofmt touched files
2015-05-18 19:03:25 -07:00
cf7f6f5db3
add RA regID checks
2015-05-18 18:53:48 -07:00
42302541bd
Run `go fmt` for PR #186
2015-05-18 18:44:38 -07:00
c3b312118e
Add audit logging
...
- Auditing for general errors in executables
- Auditing for improper messages received by WFE
- Automatic audit wlogging of software errors
- Audit logging for mis-routed messages
- Audit logging for certificate requests
- Auditing for improper messages received by WFE
- Add audit events table
- Expect more details in TestRegistration in web-front-end_test.go
- Remove "extra" debug details from web-front-end.go per Issue #174
- Improve test coverage of web-front-end.go
- WFE audit updates for revocation support rebase
- Add audit messages to RPC for Improper Messages and Error Conditions
- Also note misrouted messages
2015-05-18 18:23:08 -07:00
e1ba291019
Store registration ID with certificate
2015-05-16 13:47:51 -07:00
Roland Shoemaker
Jacob Hoffman-Andrews
J.C. Jones
Richard Barnes
James 'J.C.' Jones
bifurcation