43217216c7
use slot ids in the cfssl pkcs11 api
...
It was using TokenLabels solely to select slots but those can have duplicates
on the same HSM. Instead, use slot IDs with them.
2015-09-11 17:02:48 -07:00
998ffc79cb
Do GoodKey checking in WFE.
2015-09-09 20:30:55 -04:00
37517052c7
Add checks for addresses in the loopback block and a bool to allow them for testing
2015-09-02 15:25:21 -07:00
d70ebf6c09
Merge master
2015-09-01 14:39:26 -07:00
3cce4117fa
Log errors from cmd.FailOnError
2015-08-31 18:47:16 -07:00
e54d3d322e
Merge branch 'master' into blacklist
2015-08-31 15:39:24 -07:00
3df37cc3db
Merge branch 'master' into cert-checker
2015-08-27 23:26:46 -07:00
0689a962ee
Merge master
2015-08-26 12:11:43 -07:00
283d8de59b
remove TestMode completely
...
This removes TestMode from the boulder-va command, from ca.Config
(it was only used in the VA) and gets the integration config to specify
the ports it should use explicitly.
(It also removes a DBDriver field from ca.Config that was left over from
letsencrypt/boulder#624.)
Fixes #627 .
2015-08-25 21:57:24 -07:00
be751bd948
Merge master
2015-08-25 16:52:24 -07:00
7b6f2894f7
add goose as the migration tool
...
This has required some substantive changes to the tests. Where
previously the foreign key constraints did not exist in the tests, now
that we use the actual production schema, they do. This has mostly led
to having to create real Registrations in the sa, ca, and ra tests. Long
term, it would be nice to fake this out better instead of needing a real
sa in the ca and ra tests.
The "goose" being referred to is <https://bitbucket.org/liamstask/goose >.
Database migrations are stored in a _db directory inside the relevant
owner service (namely, ca/_db, and sa/_db, today).
An example of migrating up with goose:
goose -path ./sa/_db -env test up
An example of creating a new migration with goose:
goose -path ./sa/_db -env test create NameOfNewMigration sql
Notice the "sql" at the end. It would be easier for us to manage sql
migrations. I would like us to stick to only them. In case we do use Go
migrations in the future, the underscore at the beginning of "_db" will
at least prevent build errors when using "..." with goose-created Go
files. Goose-created Go migrations do not compile with the go tool but
only with goose.
Fixes #111
Unblocks #623
2015-08-25 12:02:31 -07:00
37b28a20c0
Merge master
2015-08-24 12:20:26 -07:00
7ad8847ba2
Standardize CLI UX
2015-08-23 23:17:14 -07:00
c40cfd4164
Process all certs from the last 90 days, still need to cleanup and write out the report
2015-08-20 13:59:40 -07:00
213d857026
Initial cert checker work
2015-08-19 19:34:02 -07:00
4fb747ead1
Merge master
2015-08-15 16:50:57 -07:00
b9913a2b41
Review fixes
2015-08-14 17:14:02 -07:00
5e97aa23c6
use MariaDB in the unit tests
...
And delete the uses of sqlite3
2015-08-14 17:13:15 -07:00
60478f13b0
Merge master
2015-08-14 16:46:09 -07:00
17fa14264e
Switch to separate PA struct
2015-08-14 11:12:59 -07:00
56aa55208e
Add stomped/forgotten PolicyDB config struct
...
Standardize DB config names
Actually standardize
Yeah really this time
2015-08-14 11:04:17 -07:00
62ae2efe95
Fix merge stompage
2015-08-10 15:29:13 -07:00
b01ee02d35
Merge master
2015-08-10 15:13:47 -07:00
e9b24cfafd
Merge remote-tracking branch 'origin/master' into existing-cert
...
Conflicts:
cmd/boulder-ra/main.go
cmd/boulder/main.go
cmd/shell.go
core/objects.go
policy/policy-authority_test.go
test/boulder-config.json
2015-08-10 12:02:01 -07:00
6315068ead
Merge master
2015-08-10 11:58:02 -07:00
43a40d55c9
Allow whitelist to be enforcable + remove blacklist file
2015-08-10 11:56:49 -07:00
553b72ed3b
gofmt loves to change my whitespace
2015-08-07 14:15:48 -07:00
d9b1f3d453
Added enforcement of AMQPS. If the insecure flag is true, then we also require the URL to be AMQPS and the TLS config info to be set, otherwise we fail out. If insecure is true, then we don't check for anything else.
2015-08-07 14:04:12 -07:00
1a2825138d
Actually wire everything into the PADB
2015-08-06 16:57:38 -07:00
bf4ac4f2a2
Merge pull request #575 from letsencrypt/grace
...
Gracefully shutdown RPC servers on SIGINT/SIGTERM (and move reconnection logic out of binaries)
2015-08-05 15:46:10 -04:00
5ac7652ef4
Major rewrite
2015-08-04 16:23:49 -07:00
1af27c8e9e
add newline to cmd failure string
2015-08-04 15:48:48 -07:00
900a170fcd
Review fixes and for loop cleanup
2015-08-04 11:38:16 -07:00
19c76ac94f
Stick with previous method name, add uncommitted comment
2015-08-04 11:27:12 -07:00
c9c05cfb46
Add comments, move reconnection logic out of binaries (except for the WFE which is a weird case)
2015-08-03 23:02:52 -07:00
85d037f7a7
Gracefully shutdown RPC servers
2015-08-03 16:47:47 -07:00
289dfeabe6
Fixing go formatting issues (ran go fmt on the files below)
2015-07-28 17:07:36 -07:00
321d611d20
Forgot to stage some files in last commit
2015-07-28 16:03:40 -07:00
65c923d547
we now ignore duplicate additions and require three different command line args
2015-07-28 14:03:56 -07:00
145790d9c3
Review fixes
2015-07-27 12:46:09 -07:00
bd9286dd5b
Merge branch 'master' into mailer
2015-07-24 16:36:50 -07:00
6c2f3ea8cc
Merge branch 'master' into mailer
2015-07-23 15:33:43 -07:00
b5f519d22d
Rework how the expiration mailer looks for certificates
2015-07-23 15:33:28 -07:00
bf0673c35f
DNS config refactoring
2015-07-22 15:54:40 -07:00
61394e4f2d
Merge pull request #506 from letsencrypt/native-mx-lookup
...
Replace net.LookupMX use with core.LookupMX
2015-07-22 15:17:38 -07:00
31f0674f03
Replace net.LookupMX with core.LookupMX using defined resolver
2015-07-21 22:36:29 -07:00
9aa4357fdf
Initial bulk mailer work
2015-07-20 15:34:42 -07:00
87827be6f1
Merge branch 'master' into cache-headers
2015-07-17 17:44:55 -07:00
6a2344e1bf
Add config vars and wire them into cmd/boulder and cmd/boulder-wfe
2015-07-17 17:44:03 -07:00
8549ecae81
Merge pull request #439 from letsencrypt/426-amqp_acl_restrictive
...
426 - Support minimum permissions in AMQP
2015-07-17 15:59:25 -07:00
Jacob Hoffman-Andrews
Roland Shoemaker
Jeff Hodges
Jeremy Gillula
bifurcation