Commit Graph

78 Commits

Author SHA1 Message Date
Marcin Walas 77b771c81e Update publicsuffix dependency 2016-01-21 10:45:12 +01:00
Brett Hoerner 3d7413ae41 Fix invalid Godeps.json 2016-01-11 09:08:17 -06:00
Jeff Hodges 116ce96326 add retries and context deadlines to DNSResolver
This provides a means to add retries to DNS lookups, and, with some
future work, end retries early if our request deadline is blown. That
future work is tagged with #1292.

Updates #1258
2016-01-04 14:59:10 -08:00
Jacob Hoffman-Andrews 8eb6dbae98 Update cfssl to e32101.
Ran tests with:

cd $GOPATH/src/github.com/cloudflare/cfssl
go test ./...

All tests passed.
2016-01-04 14:16:52 -08:00
Jeff Hodges bce554a270 correct publicsuffix import in RA
And remove the incorrectly vendorized code from Godeps.
2015-12-17 12:59:15 -08:00
Jacob Hoffman-Andrews bfd2b075fb Update publicsuffix to latest master. 2015-12-11 11:14:27 -08:00
Jeff Hodges 073121f724 update letsencrypt/go-safe-browsing-api
This should reduce our timeout problem in the VA by not locking out
IsListed requests while the GSB file IO and looping are occurring. These
changes came in at
https://github.com/letsencrypt/go-safe-browsing-api/pull/2 (also added
to the upstream at
https://github.com/rjohnsondev/go-safe-browsing-api/pull/15).

Fixes #1253
2015-12-10 14:44:25 -08:00
Jacob Hoffman-Andrews f008c46a77 Run godep update and godep save -r.
Also, remove cache-control code from ocsp-responder, since caching headers are
now handled in cfssl.
2015-11-20 16:48:43 -08:00
Jacob Hoffman-Andrews cb2f7bc057 Update cfssl to latest master.
Pulls in:

Omit empty qualifiers in Certificate Policies. cloudflare/cfssl#431
Set caching headers in OCSP responder cloudflare/cfssl#425
Remove extraneous debugging statement. cloudflare/cfssl#423
2015-11-20 14:06:15 -08:00
Jacob Hoffman-Andrews 47e502bf35 Update miekg/dns to latest master.
Fixes https://github.com/letsencrypt/boulder/issues/1176
2015-11-20 10:35:29 -08:00
Richard Barnes 604f629957 Update to latest go-jose 2015-11-18 21:37:33 -08:00
Richard Barnes 8f6a95f9a8 Update go-jose 2015-11-17 13:50:17 -08:00
Jeff Hodges 7bd22352ba fix le fork of go-jose again 2015-11-13 14:48:05 -08:00
Jeff Hodges d84f2e3c32 add Godeps for Google Safe Browsing PR
This is for making PR #1093 smaller.

Updates #1058
2015-11-05 17:27:55 -08:00
Jeff Hodges bb27f3baee godep update github.com/letsencrypt/go-jose
This is like #1103 which was for #1058.

It includes the deletion of test files owing to tools/godep/312 but is
fine since we don't use them.
2015-11-05 16:43:15 -08:00
Jacob Hoffman-Andrews 040e617807 Fix sha1's for vendorized CFSSL deps.
Previously our Godeps listed a sha1 that pointed at a merge commit existing only
on the Let's Encrypt fork of CFSSL, making it impossible to do a godep save if
you didn't have a copy of that fork available out in
$GOPATH/src/github.com/cloudflare/cfssl (e.g. via multiple remotes).

This change updates that sha1 to the corresponding merge commit that exists in
the upstream CFSSL.
2015-11-05 15:46:18 -08:00
Jacob Hoffman-Andrews 7f80c07e58 Update publicsuffix to latest.
Fixes https://github.com/letsencrypt/boulder/issues/1090
Part of https://github.com/letsencrypt/boulder/issues/1058
2015-11-04 16:46:46 -08:00
Jacob Hoffman-Andrews 194e421931 Add reconnects in AMQP. 2015-10-27 19:54:54 -07:00
Jacob Hoffman-Andrews 734b85ecd1 Update publicsuffix to latest.
Pulls in https://github.com/letsencrypt/net/pull/2,
which fixes https://github.com/letsencrypt/boulder/issues/1010.

Updating vendorized deps means running tests. I ran this and it passed:

cd ~/go/packages/src/github.com/letsencrypt/net/
go test ./publicsuffix/
2015-10-20 12:37:31 -07:00
Jacob Hoffman-Andrews a95c300d8b Switch to using publicsuffix package.
This has two advantages:
- Fixes #901
- Reduces number of allocations and copies for methods that used the previous
  public suffix code.
2015-10-12 16:32:35 -07:00
Jacob Hoffman-Andrews 903f39508e Vendorize publicsuffix. 2015-10-04 21:04:29 -07:00
Roland Shoemaker 2d0dee4ce1 Daemonize the OCSP updater tool so we are constantly updating OCSP responses.
Also moves the first OCSP responses generation from the CA to the OCSP updater. This patch lays the
groundwork for moving CT submission and adding CT backfill to the OCSP updater.
2015-10-01 16:36:51 -07:00
Jeff Hodges 7a3d5ebb26 Merge branch 'master' into update-cfssl 2015-10-01 15:41:27 -07:00
Jacob Hoffman-Andrews 1975e417e0 Update CFSSL.
This pulls in a few cfssl upstream fixes:

cloudflare/cfssl#347: Fix CKA_ALWAYS_AUTHENTICATE check
cloudflare/cfssl#344: Allow client to specify full serial.
cloudflare/cfssl#340: OCSP doesn't include CA when unnecessary.

This also updates boulder-ca to use the new full-serial API in CFSSL.

I have run tests for cfssl and they pass:

cd ~/go/packages/src/github.com/cloudflare/cfssl/
go test ./...
2015-10-01 13:45:59 -07:00
Jeff Hodges 51367dd231 Merge branch 'master' into cert-limit 2015-09-24 15:25:01 -07:00
Jeff Hodges f70562fcd4 cfssl/pkcs11key: handle invalid attribute well
Corrects code written in #848.
2015-09-24 14:55:52 -07:00
Roland Shoemaker 6f41cc9e39 Add issuance rate limiting based on total number of certificates issued in a window
Since the issuance count requires a full table scan, an RA process-local cache of the
count is kept and expired after 30 minutes.
2015-09-24 12:54:38 -07:00
Jacob Hoffman-Andrews bc5d50f8f2 Don't error out on CKR_ATTRIBUTE_TYPE_INVALID.
Some HSMs return this error when trying to check for the CKA_ALWAYS_AUTHENTICATE
attribute.
2015-09-24 12:18:03 -07:00
Roland Shoemaker 91724296a8 Use Facebook's gracefully shutting down HTTP server for WFE & OCSP-Responder 2015-09-21 20:43:38 -07:00
Jacob Hoffman-Andrews d05b9b833f Update cfssl to latest master.
This pulls in the pkcs11key change from
https://github.com/cloudflare/cfssl/pull/330, and updates the Boulder code to
match.

Note: This change overwrites the local changes to our vendored CFSSL made in
https://github.com/letsencrypt/boulder/pull/784. That's intentional: The
upstream changes in https://github.com/cloudflare/cfssl/pull/330 accomplish the
same thing, more cleanly.
2015-09-20 20:44:44 -07:00
Jacob Hoffman-Andrews 43217216c7 use slot ids in the cfssl pkcs11 api
It was using TokenLabels solely to select slots but those can have duplicates
on the same HSM. Instead, use slot IDs with them.
2015-09-11 17:02:48 -07:00
Richard Barnes 6391112f42 godep update golang.org/x/crypto/ocsp 2015-08-29 15:04:44 -04:00
Roland Shoemaker 98ac983df2 Vendor jmhodges/clock 2015-08-28 13:02:35 -07:00
Jacob Hoffman-Andrews 0e0f709cfe Update CFSSL.
This pulls in https://github.com/cloudflare/cfssl/pull/312, which fixes a bug
that was causing us to generate not-yet-valid OCSP.
2015-08-19 22:05:05 -07:00
Roland Shoemaker c3db8092eb Merge pull request #618 from letsencrypt/forgot_fuzz_test
add missed github.com/miekg/dns/fuzz_test.go
2015-08-13 23:01:18 -07:00
Jeff Hodges 75615aa60c add missed github.com/miekg/dns/fuzz_test.go
I missed this when updating github.com/miekg/dns in #615.
2015-08-13 22:39:32 -07:00
Jeff Hodges f7ebed875c update github.com/miekg/dns
This is needed for the race condition that errors in our test suite on
Go 1.5rc1 that was fixed in https://github.com/miekg/dns/pull/245
2015-08-13 14:50:58 -07:00
Richard Barnes 4aef1ad2fb godep update golang.org/x/crypto/ocsp 2015-08-12 08:52:55 -07:00
Richard Barnes 48e6f45bf5 Updating go-jose to address panics 2015-07-30 13:45:19 -04:00
Richard Barnes 76a2e15958 Godep refresh after landing changes in github.com/letsencrypt/go-jose 2015-07-29 13:56:49 -04:00
Richard Barnes e60df240d8 Update DVSNI and DNS challenges 2015-07-29 12:19:12 -04:00
Romain Fliedel d115e5cb60 Resync with latest letsencrypt/go-jose to fix jwk encoding. 2015-07-28 16:25:30 +02:00
Jacob Hoffman-Andrews 9423467142 Switch to our own fork of go-jose.
This is the result of `godep save -r ./...` and
`git rm -r -f Godeps/_workspace/src/github.com/square`

Our fork is currently at the head of go-jose when Richard made the local nonce
changes, with the nonce changes added on top. In other words, the newly created
files are exactly equal to the deleted files.

In a separate commit I will bring our own go-jose fork up to the remote head,
then update our deps.

Also note: Square's go-jose repo contains a `cipher` package. Since we don't
make any changes to that package, we leave it imported as-is.
2015-07-24 14:39:00 -07:00
Jacob Hoffman-Andrews 8092b42dd6 Merge pull request #525 from letsencrypt/update-cfssl-nopkcs11
Update cfssl to latest master.
2015-07-24 11:56:51 -07:00
Jacob Hoffman-Andrews 194658f019 Update cfssl to latest master.
This changes the default pkcs11 tag so pkcs11 is included by default.
This will let us remove -tags pkcs11 from our build scripts.
2015-07-24 10:54:16 -07:00
Roland Shoemaker 5b019f5ea8 Update miekg/dns dependency 2015-07-22 12:37:50 -07:00
Roland Shoemaker bfccd10f22 Merge pull request #474 from letsencrypt/statsd-client-license
Add go-statsd-client's LICENSE file.
2015-07-16 12:54:14 -07:00
Jacob Hoffman-Andrews 230512981d Add cfssl and go-rc2 LICENSE files.
Command used:
for n in */* ;
  do curl https://raw.githubusercontent.com/$n/master/LICENSE > $n/LICENSE;
  curl https://raw.githubusercontent.com/$n/master/LICENSE.md > $n/LICENSE.md;
done
2015-07-16 08:24:19 -07:00
Jacob Hoffman-Andrews b46ce2aaaf Add go-statsd-client's LICENSE file.
Godep doesn't automatically import these.
2015-07-16 08:08:19 -07:00
Jacob Hoffman-Andrews e2791eb085 Merge pull request #438 from letsencrypt/401-va_mock_dns
Don't use external DNS resolver in tests
2015-07-08 16:59:23 -07:00