Commit Graph

195 Commits

Author SHA1 Message Date
Tom Clegg 87dd8a4c44 Merge branch 'master' into 469-fix-cors-headers 2015-10-02 01:37:59 -07:00
Jacob Hoffman-Andrews 6963811ab5 Merge remote-tracking branch 'le/master' into paranoid-key
Conflicts:
	core/util.go
2015-10-01 14:13:05 -07:00
Jacob Hoffman-Andrews a9db85adf2 Merge branch 'master' into paranoid-key 2015-10-01 14:12:38 -07:00
Jeff Hodges c24ced260e Merge branch 'master' into cert-limit 2015-10-01 11:11:55 -07:00
Tom Clegg 41fcec2db5 Remove unneeded Access-Control-Allow-Headers header. 2015-09-30 18:23:02 -07:00
Roland Shoemaker 65f10a5f9f Review fixes 2015-09-30 15:34:24 -07:00
Tom Clegg 05a142c6b7 Fix accidentally sending preflight headers with "actual" responses. 2015-09-30 13:34:36 -07:00
Tom Clegg 9898aec7e7 Test status==405 and body=="" on disallowed HEAD. 2015-09-30 11:10:18 -07:00
Tom Clegg c56f035cff Merge branch 'master' into 469-fix-cors-headers
Conflicts:
	wfe/web-front-end.go
	wfe/web-front-end_test.go
2015-09-30 07:13:12 -07:00
Jacob Hoffman-Andrews 685c6e4206 Use stored key to verify JWS POSTs
instead of submitted key. This minimizes the chances of unexpected JWK fields in
the submitted key altering its interpretation without altering the lookup in the
registrations table.

In the process, fix handling of NoSuchRegistration responses.

Fixes https://github.com/letsencrypt/boulder/issues/865.
2015-09-29 23:37:16 -07:00
Tom Clegg a49e54cfc3 Merge branch 'master' into 469-fix-cors-headers
Conflicts:
	wfe/web-front-end.go
2015-09-28 20:02:44 -07:00
Jacob Hoffman-Andrews 1fbf2d4990 Fix HEAD to work only for GET resources. 2015-09-27 23:49:59 -07:00
Jacob Hoffman-Andrews ecd08c0798 Allow HEAD for all GET resources. 2015-09-27 12:36:18 -07:00
Roland Shoemaker 96afd94e88 Review fixes
* Rewrite JSONDuration as ConfigDuration that can handle both JSON and YAML unmarshaling
* Factor out RPC certificate count request struct
* Return 429 to WFE on rate limit exceeded
* Fix wonky RateLimitPolicy comment
2015-09-25 14:39:53 -07:00
Roland Shoemaker 6f41cc9e39 Add issuance rate limiting based on total number of certificates issued in a window
Since the issuance count requires a full table scan, an RA process-local cache of the
count is kept and expired after 30 minutes.
2015-09-24 12:54:38 -07:00
Jacob Hoffman-Andrews 954004fafb Merge branch 'longserial' of github.com:letsencrypt/boulder into longserial 2015-09-22 16:18:07 -07:00
Jacob Hoffman-Andrews 3c5ffdea49 Restore full test for certificate location. 2015-09-22 16:17:22 -07:00
Jeff Hodges a645430a23 Merge branch 'master' into longserial 2015-09-22 15:01:47 -07:00
Jacob Hoffman-Andrews 02314f4041 Implement the new 144-bit mostly-random serial.
To keep the change small, I have not yet completely removed the
GetCertificateByShortSerial method from interfaces and the RPC. I will do that
in a follow up change.
2015-09-21 13:10:16 -07:00
Tom Clegg 42958d1aab Merge branch 'master' into 469-fix-cors-headers 2015-09-17 19:19:55 -07:00
Roland Shoemaker 536de0249d Merge master 2015-09-16 18:08:26 -07:00
Jacob Hoffman-Andrews f7910753b5 Move MockSA from WFE to mocks. 2015-09-16 12:57:06 -07:00
Roland Shoemaker cc65beef3f Merge master 2015-09-15 14:52:40 -07:00
Jeff Hodges 7648e452b9 Merge branch 'master' into earliest-expiry 2015-09-15 13:26:44 -07:00
Tom Clegg 38b7bbee97 Merge branch 'master' into 469-fix-cors-headers 2015-09-15 15:49:37 -04:00
Roland Bracewell Shoemaker acf2999d5f Merge branch 'master' into clean_up_new_reg_test 2015-09-15 12:22:19 -07:00
Roland Shoemaker f35643bcaf Merge master 2015-09-15 12:05:58 -07:00
Tom Clegg 9eca9f0805 golint 2015-09-12 17:09:07 -04:00
Tom Clegg 62f7e6e530 Add config entry for allowed origins. 2015-09-12 01:39:55 -04:00
Tom Clegg b6a4b66899 Fix CORS headers, support OPTIONS requests. 2015-09-12 01:39:51 -04:00
Jacob Hoffman-Andrews e3c226a84e Remove earliestExpiry from IssueCertificate call. 2015-09-11 15:09:11 -04:00
Roland Bracewell Shoemaker d55e0e0d8d Merge branch 'master' into fix-wfe-test-better 2015-09-11 11:58:28 -07:00
Jeff Hodges 52055d3190 Merge branch 'master' into clean_up_new_reg_test 2015-09-11 11:31:46 -07:00
Jacob Hoffman-Andrews 6233c0891c Fix typo. 2015-09-11 14:08:26 -04:00
Jacob Hoffman-Andrews 57e349ef00 Merge github.com:letsencrypt/boulder into fix-wfe-error 2015-09-11 13:54:25 -04:00
Jacob Hoffman-Andrews a48142e3c7 Remove testing arg. 2015-09-11 13:54:18 -04:00
Jacob Hoffman-Andrews 875a71e53e Fix WFE test properly.
The WFE test relies on a pre-generated cert. Since there are some sanity checks
on the dates in certs, we were getting errors during the test.

One quick fix is to have those sanity checks rely on RA's clock object, which
can be replaced with a fake for testing. In order to do that, I had to move the
sanity check (MatchesCSR) into the registration authority package, where it
makes more sense anyhow.

I also removed a handful of equality testing functions in objects.go that were
only used by MatchesCSR and whose purpose is better served by reflect.DeepEqual.
This was to avoid having to also move those equality testing functions into the
registration authority.
2015-09-11 13:17:18 -04:00
Jeff Hodges 845e1261a4 Merge branch 'master' into clean_up_new_reg_test 2015-09-10 14:48:59 -07:00
Jeff Hodges bea4ca29b4 Merge branch 'master' into metrics-cleanup 2015-09-10 14:33:50 -07:00
Jeff Hodges e938969f3d de-dupe TestNewRegistration
I didn't follow what was going on in it. Another test is being added in
a later PR.
2015-09-10 14:07:55 -07:00
Jacob Hoffman-Andrews 4724bb7e80 Merge branch 'master' into index-fix 2015-09-10 16:51:38 -04:00
Roland Shoemaker 346a8c1a01 Merge master 2015-09-10 13:47:19 -07:00
Jeff Hodges 092e0b19ef Merge branch 'master' into challenge-display-uri 2015-09-10 13:12:46 -07:00
Roland Shoemaker 871a77c4b8 Merge master 2015-09-10 13:00:52 -07:00
Jacob Hoffman-Andrews 253d700d06 Merge branch 'master' into challenge-display-uri
Conflicts:
	cmd/boulder-ra/main.go
	ra/registration-authority.go
	ra/registration-authority_test.go
2015-09-10 15:44:21 -04:00
Jeff Hodges def66fc85d Merge branch 'master' into index-fix 2015-09-10 12:37:03 -07:00
Jeff Hodges 442e6e28e5 set /directory's content-type correctly to json
Fixes #769
2015-09-10 12:30:01 -07:00
Jacob Hoffman-Andrews 998ffc79cb Do GoodKey checking in WFE. 2015-09-09 20:30:55 -04:00
Jacob Hoffman-Andrews 09c2a05a01 Fix index method.
The HTML reply pointed to the new-reg URL, when it should point to the
directory.

Also fix https://github.com/letsencrypt/boulder/issues/717 by checking first
whether the request path is exactly "/" and giving 404 otherwise.
2015-09-09 16:50:54 -04:00
Jacob Hoffman-Andrews ffcd1c866d Make challenge URI a display-time property.
Challenge URIs should be determined by the WFE at fetch time, rather than stored
alongside the challenge in the DB. This simplifies a lot of the logic, and
allows us to remove a code path in NewAuthorization where we create an
authorization, then immediately save it with modifications to the challenges.

This change also gives challenges their own endpoint, which contains the
challenge id rather than the challenge's offset within its parent authorization.
This is also a first step towards replacing UpdateAuthorization with
UpdateChallenge: https://github.com/letsencrypt/boulder/issues/760.
2015-09-09 16:23:45 -04:00