letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,505 Commits 89 Branches 416 Tags 101 MiB
Commit Graph

139 Commits

Author SHA1 Message Date
Jacob Hoffman-Andrews 5afb1187bf Merge pull request #664 from letsencrypt/sig-misuse 
Mitigate signature misuse vulnerability
 2015-08-28 16:18:56 -07:00
Richard Barnes 3d540ff481 Addressing review comments 2015-08-28 11:21:13 -04:00
Roland Shoemaker 3df37cc3db Merge branch 'master' into cert-checker 2015-08-27 23:26:46 -07:00
Roland Shoemaker a4aa450ee6 Switch to custom revocation code type 2015-08-27 17:09:41 -07:00
Richard Barnes fd8f8eb446 Add account key to challenge object 2015-08-25 15:27:27 -04:00
Roland Shoemaker 37b28a20c0 Merge master 2015-08-24 12:20:26 -07:00
Roland Shoemaker 725e0e30da Merge branch 'master' into fixed-505 2015-08-21 14:12:36 -07:00
Roland Shoemaker c40cfd4164 Process all certs from the last 90 days, still need to cleanup and write out the report 2015-08-20 13:59:40 -07:00
Roland Shoemaker 015e089b7d Review fixes pt. 2 2015-08-18 13:33:25 -07:00
Roland Shoemaker d56c99ff71 Remove db struct tags 2015-08-15 16:03:58 -07:00
Roland Shoemaker 3d5185d0db Merge branch 'master' into fixed-505 2015-08-13 22:50:13 -07:00
Roland Shoemaker f15402282c Review rework 
Refactor DNS problem details use

Actually store and log resolved addresses

Less convuluted get adresses function/usage

Store redirects, reconstruct transport on redirect, add redirect + lookup tests

Add another test

Review fixes

Initial bulk of review fixes (cleanups inc)

Comment cleanup

Add some more tests

Cleanups

Give addrFilter a type and add the config wiring

Expose filters

LookupHost cleanups

Remove Resolved Addresses and Redirect chain from replies to client without breaking RPC layer

Switch address/redirect logging method, add redirect loop checking + test

Review fixes + remove IPv6

Remove AddressFilter remnant + constant-ize the VA timeout

Review fixes pt. 1

Initialize validation record

Don't blank out validation reocrds

Add validation record sanity checking

Switch to shared struct

Check port is in valid range

Review fixes
 2015-08-13 22:49:33 -07:00
Roland Shoemaker 9a328b4fd1 Log IPs in a better place, by storing them in the challenge objects! 2015-08-13 22:45:19 -07:00
Roland Shoemaker 1d863fca32 Merge master 2015-08-13 20:52:18 -07:00
Roland Shoemaker 5be6e588ee Initial work 2015-08-13 20:24:25 -07:00
Jeff Hodges 24dca1a758 remove some no longer used db struct tags 2015-08-13 14:29:53 -07:00
Roland Shoemaker bcb0ecb3ba Revert "Resolve and store IP addresses for SimpleHTTP and DVSNI validation (also store redirect chains)" 2015-08-13 13:00:37 -07:00
Roland Shoemaker 71e62bce13 Merge pull request #505 from letsencrypt/store-ips 
Resolve and store IP addresses for SimpleHTTP and DVSNI validation (also store redirect chains)
 2015-08-13 11:13:59 -07:00
Roland Shoemaker 4a26a515c9 Switch to shared struct 2015-08-10 16:20:11 -07:00
Jeremy Gillula e9b24cfafd Merge remote-tracking branch 'origin/master' into existing-cert 
Conflicts:
	cmd/boulder-ra/main.go
	cmd/boulder/main.go
	cmd/shell.go
	core/objects.go
	policy/policy-authority_test.go
	test/boulder-config.json
 2015-08-10 12:02:01 -07:00
Roland Shoemaker 212bf67670 Add validation record sanity checking 2015-08-07 16:41:40 -07:00
Roland Shoemaker 3d540cf4b4 Merge branch 'master' into store-ips 2015-08-07 15:09:43 -07:00
Roland Shoemaker c41cda04f7 Review fixes pt. 1 2015-08-07 15:09:08 -07:00
Jeff Hodges 390464ddf4 correct unique indexing of Registrations 
Fixes #579 (which blocks #132).

This changes the SA to use a unique index on the sha256 of a
Registration's JWK's public key data instead of on the full serialized
JSON of the JWK. This corrects multiple problems:

 1. MySQL/Mariadb no longer complain about key's being larger than the
 largest allowed key size in an index
 2. We no longer have to worry about large keys not being seen as unique
 3. We no longer have to worry about the JWK's JSON being serialized with its inner keys in different orders and causing incorrectly empty queries or non-unique writes.

This change also hides the details of how Registrations are stored in
the database from the other services outside of SA. This will give us
greater flexibility if we need to move them to another database, or
change their schema, etc.

Also, adds some tests for NoSuchRegistration in the SA.
 2015-08-06 14:19:19 -07:00
Jeff Hodges 0f03494d56 use pointer to AcmeURL everywhere 
This has the benefit of not requiring us to copy very fat url.URL
objects when we pass them to funcs or call their methods.
 2015-08-05 18:23:38 -07:00
Roland Shoemaker 8d046a6e0d Review fixes + remove IPv6 2015-08-05 13:47:59 -07:00
Jeremy Gillula 1ee8a9d755 Fixing some more small code style issues--changes should only be cosmetic 2015-08-04 14:06:08 -07:00
Jeremy Gillula 70347b4f9a Fixing "go fmt" errors 2015-08-04 13:57:54 -07:00
Jeremy Gillula ec409463db Adding the schemas for the external certs and the identifiers to db_schema-main.sql, and also removing the lastUpdate timestamp from the code and the import format document (since we don't really need it for anything). 2015-08-04 13:45:07 -07:00
Roland Shoemaker 8805f7e6e9 Switch address/redirect logging method, add redirect loop checking + test 2015-08-03 20:31:32 -07:00
Roland Shoemaker aeba06dcd9 Remove Resolved Addresses and Redirect chain from replies to client without breaking RPC layer 2015-08-03 11:02:23 -07:00
Roland Shoemaker e12564bb11 Initial bulk of review fixes (cleanups inc) 2015-07-30 18:09:16 -07:00
Roland Shoemaker f5acc4e260 Merge master 2015-07-30 14:07:03 -07:00
bifurcation 46573e93a2 Merge pull request #497 from letsencrypt/update-challenges 
Update challenges to match the spec
 2015-07-30 15:06:32 -04:00
Richard Barnes 652702bd7f Merge master 2015-07-30 13:47:10 -04:00
Roland Shoemaker 726d59cb52 Merge master 2015-07-29 16:35:37 -07:00
Richard Barnes 5ea17d980a Merge master 2015-07-29 16:37:39 -04:00
Roland Shoemaker 6777b276a7 Merge branch 'master' into store-ips 2015-07-29 12:24:20 -07:00
Richard Barnes 08c86e560e Fix test failures in core 2015-07-29 14:40:41 -04:00
Richard Barnes f506da377a Clean up Challenge.MergeResponse 2015-07-29 12:59:52 -04:00
Richard Barnes 4f95f66f98 Remove AcmeJWS and move everything over to LE fork of go-jose 2015-07-29 12:44:39 -04:00
Richard Barnes 9e87cef807 Further test fixes 2015-07-29 12:20:00 -04:00
Richard Barnes de5c50739a Mostly fixed tests 2015-07-29 12:19:12 -04:00
Richard Barnes e60df240d8 Update DVSNI and DNS challenges 2015-07-29 12:19:12 -04:00
Richard Barnes 4cac9da9fd Refactor simpleHttp challenge 2015-07-29 12:18:09 -04:00
Richard Barnes 26b140b0cc Removing unused literals and exposing more error info 2015-07-29 11:17:26 -04:00
Richard Barnes 965be920a6 Enforce 'resource' field 2015-07-29 10:19:14 -04:00
Jeremy Gillula 289dfeabe6 Fixing go formatting issues (ran go fmt on the files below) 2015-07-28 17:07:36 -07:00
Jeremy Gillula 65c923d547 we now ignore duplicate additions and require three different command line args 2015-07-28 14:03:56 -07:00
Roland Shoemaker abd06564ec Merge branch 'master' into mailer 2015-07-27 12:46:19 -07:00