68536ac22a
Merge branch 'master' into lower_domains
2015-10-09 13:04:00 -07:00
be36c3d71d
Merge branch 'master' into test-reg-rate-limit-3
2015-10-09 12:48:13 -07:00
88614a444f
Merge branch 'master' into lower_domains
2015-10-09 12:10:22 -07:00
0df44e5d90
clean up CSRs with capitalized letters
...
This change lowercases domains before they are stored in the database
and makes policy.WillingToIssue reject any domains with uppercase
letters.
Fixes #927 .
2015-10-08 17:04:07 -07:00
c0f5fd1bb6
Fix AddSCTReceipt RPC transit
2015-10-08 17:00:35 -07:00
487d08ec2e
Add rate limiting by registration IP.
2015-10-08 15:47:08 -07:00
acdb1fa91b
Merge branch 'master' into issued-names-limit-2
...
Conflicts:
mocks/mocks.go
rpc/rpc-wrappers.go
sa/storage-authority.go
2015-10-07 17:20:36 -07:00
b01e99ea04
Merge branch 'master' into golint
2015-10-07 10:42:36 -04:00
b6469b4bba
Merge branch 'master' into golint
2015-10-06 23:04:23 -04:00
e0cdd13bbb
Merge branch 'master' into issued-names-limit-2
2015-10-06 16:10:29 -07:00
f210ee0a9f
Merge branch 'master' into sig-reuse
2015-10-06 18:01:50 -04:00
06879cb44f
remove some allocations from B64enc codepath
...
B64enc makes some nasty allocations through its use of strings.Replace
in unpad. This changes that strings.Replace into a simple for-loop.
B64enc gets used in many places, including the rpc library on every
request and response. While we should probably not use it in the rpc
library (#909 ), there are enough other places it's used (now or in the near
future) that make this valuable.
Was a performance problem found during early load-testing (#20 ) of the
CA. More to come.
2015-10-06 00:31:51 -07:00
f064c6d5c7
Merge branch 'master' to 'sig-reuse'
2015-10-05 23:16:16 -04:00
90050e91f5
Merge branch 'master' into golint
2015-10-05 19:23:24 -04:00
4405bc5dbc
Address @jsha comments
2015-10-05 19:23:31 -04:00
5217af94b0
allow whitelisting by a specific reg id
...
Currently, the whitelisted registration ID is one that is impossible for the
database to return. Once the partner's registration is in place, we can
deploy a change to it.
Fixes #810
2015-10-05 14:11:38 -07:00
e7f47d4f09
Merge branch 'master' into golint
2015-10-05 00:14:29 -04:00
5d4fccabeb
Merge master
2015-10-04 21:08:51 -07:00
4a98145992
Review fixes
2015-10-04 21:05:44 -07:00
1d91d81158
Implement rate limiting by domain name.
2015-10-04 21:04:26 -07:00
961e392521
Merge branch 'master' into sig-reuse
2015-10-04 23:25:54 -04:00
f3a40ac76c
Address @jcjones comments
2015-10-04 23:24:06 -04:00
0f3f766d26
Fix golint in ./core
2015-10-04 20:07:13 -04:00
6906e395a4
Pass RateLimitedError properly through RPC layer.
2015-10-03 22:59:28 -07:00
9414b1a37e
Address @jmhodges comments and make tests pass
2015-10-03 14:47:17 -04:00
3f7247a80d
Change to KeyAuthorization in sa
2015-10-03 13:18:33 -04:00
a7a0f8d235
Change to KeyAuthorization in core
2015-10-03 12:58:05 -04:00
eb42a08258
Make RA check sanity and make tests pass
2015-10-03 10:41:23 -04:00
b4d45321a8
Have the client provide the authorized key object
2015-10-02 13:45:32 -04:00
4c20bfe310
Merge master to sig-reuse
2015-10-01 18:58:35 -07:00
367973122e
Change 'TO DELETE' comments to something more useful
2015-10-01 18:48:15 -07:00
72bbc8fd1f
Move UnsafeSetToken to /test/
2015-10-01 18:27:17 -07:00
a07e3b4e13
Merge branch 'master' into paranoid-key
2015-10-01 16:17:32 -07:00
d433062f16
Merge branch 'master' into issued-names-count
2015-10-01 14:19:14 -07:00
6963811ab5
Merge remote-tracking branch 'le/master' into paranoid-key
...
Conflicts:
core/util.go
2015-10-01 14:13:05 -07:00
685c6e4206
Use stored key to verify JWS POSTs
...
instead of submitted key. This minimizes the chances of unexpected JWK fields in
the submitted key altering its interpretation without altering the lookup in the
registrations table.
In the process, fix handling of NoSuchRegistration responses.
Fixes https://github.com/letsencrypt/boulder/issues/865 .
2015-09-29 23:37:16 -07:00
0f4ebae6e0
Address @bifurcation comments
2015-09-29 09:33:44 -04:00
ea50be6c50
Change 00 to 01, and drop the underscore
2015-09-29 08:57:43 -04:00
f476432449
Store a DB of issued names.
...
Add counting for issued names within a given time period.
First part of https://github.com/letsencrypt/boulder/issues/864 .
2015-09-28 19:37:50 -07:00
f579863e0e
Purge SimpleHTTP and DVSNI from VA
2015-09-28 14:34:03 -04:00
c1c3d1e871
Changes to core, sa, policy
2015-09-28 10:51:55 -04:00
1a9fd9b455
Update to latest ACME spec
2015-09-28 10:10:06 -04:00
54c924b436
Merge branch 'master' into sig-reuse
2015-09-27 18:29:14 -04:00
96afd94e88
Review fixes
...
* Rewrite JSONDuration as ConfigDuration that can handle both JSON and YAML unmarshaling
* Factor out RPC certificate count request struct
* Return 429 to WFE on rate limit exceeded
* Fix wonky RateLimitPolicy comment
2015-09-25 14:39:53 -07:00
6e3f0e18c6
Merge branch 'master' into cert-limit
2015-09-25 14:08:09 -07:00
6f41cc9e39
Add issuance rate limiting based on total number of certificates issued in a window
...
Since the issuance count requires a full table scan a RA process local cache of the
count is kept and expired after 30 minutes.
2015-09-24 12:54:38 -07:00
af7f4eb32f
Remove GetCertificateByShortSerial.
2015-09-22 16:59:38 -07:00
73216a461d
Also check length >= 32.
2015-09-22 14:27:38 -07:00
668ccc2d97
Merge github.com:letsencrypt/boulder into longserial
2015-09-22 14:04:19 -07:00
c858b4d430
Consolidate serial number validity checking.
...
Also, set the requirement to be hexadecimal and <36 characters, rather than
exactly 36 characters.
2015-09-22 14:03:29 -07:00
Jeff Hodges
Jacob Hoffman-Andrews
Roland Shoemaker
Richard Barnes
bifurcation