f2b86769d2
Merge branch 'master' into no-500-dns
2015-11-11 18:20:48 -08:00
fe69a965e5
set an Accept header on VA HTTP requests
...
This fixes some mysterious breakages that Let's Encrypt users that also
used mod_security on their domains had.
There's some back and forth about whether the mod_security rule is wise,
but that's captured in a mod_security ticket linked from this PR's
ticket.
This patch is a one-line fix with no probable downside. We're not likely
to want to do many more things to satisfy misunderstandings around HTTP
but this seems fine to help our people out.
Fixes #1019 .
2015-11-11 13:43:02 -08:00
e24314a0fb
Move problemDetailsFromDNSError into new package.
2015-11-11 12:56:30 -08:00
3ccc79e49d
Don't serve 500's on DNS timeout.
...
Fixes https://github.com/letsencrypt/boulder/issues/1047
2015-11-10 19:10:01 -08:00
13cab5c257
add Google Safe Browsing API calls
...
This allows us to call the Google Safe Browsing calls through the VA.
If the RA config's boolean UseIsSafeDomain is true, the RA will make the RPC
call to the VA during its NewAuthorization.
If the VA config's GoogleSafeBrowsingConfig struct is not nil, the VA
will check the Google Safe Browsing API in
VA.IsSafeDomain. If the GoogleSafeBrowsingConfig struct is nil, it will
always return true.
In order to actually make requests, the VA's GoogleSafeBrowsingConfig
will need to have a directory on disk it can store the local GSB hashes
it will check first and a working Google API key for the GSB API.
Fixes #1058
2015-11-06 16:37:34 -08:00
65777155be
Remove CNAME/DNAME logic
...
Fixes https://github.com/letsencrypt/boulder/issues/1048
2015-11-02 15:34:00 -08:00
682fab962c
80/443 are the default http/https ports when writing URLs and following redirects, regardless of va.http[s]Port
2015-10-13 06:46:22 -07:00
e881f1a697
Do not add redundant port number to URL and Host header
2015-10-08 00:55:49 -07:00
b01e99ea04
Merge branch 'master' into golint
2015-10-07 10:42:36 -04:00
498deeb518
Fix golint in ./mocks
2015-10-04 20:37:06 -04:00
9414b1a37e
Address @jmhodges comments and make tests pass
2015-10-03 14:47:17 -04:00
9e56883dda
Change to KeyAuthorization in ra and va
2015-10-03 14:01:24 -04:00
8ccf7cf04b
Move UnsafeSetChallenge to VA test
2015-10-02 13:45:18 -04:00
367973122e
Change 'TO DELETE' comments to something more useful
2015-10-01 18:48:15 -07:00
72bbc8fd1f
Move UnsafeSetToken to /test/
2015-10-01 18:27:17 -07:00
2d0dee4ce1
Daemonize the OCSP updater tool so we are constantly updating OCSP responses.
...
also moves the first OCSP responses generation from the CA to the OCSP updater. This patch lays the
ground work for moving CT submission and adding CT backfill to the OCSP updater.
2015-10-01 16:36:51 -07:00
0c78a5f8ab
Fix unit test failure
2015-09-29 09:43:42 -04:00
0f4ebae6e0
Address @bifurcation comments
2015-09-29 09:33:44 -04:00
ea50be6c50
Change 00 to 01, and drop the underscore
2015-09-29 08:57:43 -04:00
5567d4ae73
Split out cases better and add tests for each
2015-09-28 14:07:41 -07:00
ef8f57863d
Re-add old challenge types to VA
2015-09-28 16:05:44 -04:00
f579863e0e
Purge SimpleHTTP and DVSNI from VA
2015-09-28 14:34:03 -04:00
1a9fd9b455
Update to latest ACME spec
2015-09-28 10:10:06 -04:00
4a32d2c633
Check Content-Type header during SimpleHTTP validation
2015-09-27 18:07:49 -07:00
54c924b436
Merge branch 'master' into sig-reuse
2015-09-27 18:29:14 -04:00
48bbd558a6
Fix imports
2015-09-17 18:20:47 -07:00
91750d925f
Review fixes
2015-09-15 12:02:34 -07:00
325190e573
Val -> AuthzKeys in VA
2015-09-10 21:29:04 -04:00
871a77c4b8
Merge master
2015-09-10 13:00:52 -07:00
e5e947ee09
Better construction
2015-09-03 21:00:51 -07:00
af8299d607
Merge master
2015-09-03 11:36:08 -07:00
37517052c7
Add checks for addresses in the loopback block and a bool to allow them for testing
2015-09-02 15:25:21 -07:00
fe00decc92
Merge pull request #697 from letsencrypt/revoke-split
...
Split RA revoke method
2015-09-01 14:08:33 -07:00
d11d1ed774
Rename admin-revoker RA call
2015-08-30 22:33:36 -07:00
e798362748
Merge branch 'master' into metrics-cleanup
2015-08-28 16:49:46 -07:00
5afb1187bf
Merge pull request #664 from letsencrypt/sig-misuse
...
Mitigate signature misuse vulnerability
2015-08-28 16:18:56 -07:00
88c2f95179
Cleanup authority creation
2015-08-28 15:03:02 -07:00
f945bb0efb
Merge master
2015-08-28 14:41:37 -07:00
82ea4aba31
Rest of RPC layer and splitting
2015-08-28 00:00:03 -07:00
a4aa450ee6
Switch to custom revocation code type
2015-08-27 17:09:41 -07:00
d6b09c2cf9
Clean up
2015-08-27 14:50:00 -07:00
11716bfe5a
Add noop client
2015-08-27 14:22:28 -07:00
764169667e
Merge master
2015-08-27 11:21:18 -07:00
b4d717b934
Fixing unit test failures
2015-08-26 16:02:20 -04:00
abc3a7b45e
Merge master
2015-08-26 15:31:33 -04:00
283d8de59b
remove TestMode completely
...
This removes TestMode from the boulder-va command, from ca.Config
(it was only used in the VA) and gets the integration config to specify
the ports it should use explicitly.
(It also removes a DBDriver field from ca.Config that was left over from
letsencrypt/boulder#624.)
Fixes #627 .
2015-08-25 21:57:24 -07:00
c552984784
Merge master
2015-08-25 19:21:02 -04:00
8868ac9dad
Remove explicit account key from VA calls
2015-08-25 16:32:32 -04:00
f809806ddb
Use NewValidationAuthorityImpl(false) everywhere.
2015-08-25 11:46:09 -07:00
01787da891
VA test fixes
2015-08-24 12:49:35 -07:00
Jacob Hoffman-Andrews
Jeff Hodges
Tom Clegg
Richard Barnes
Roland Shoemaker