b4748045f5
Add boulder-config-next.json.
2016-03-21 17:24:57 -07:00
c0bf368c18
Add a script to build a SoftHSM config.
2016-03-21 17:24:45 -07:00
de28e3cf32
Merge pull request #1634 from letsencrypt/integration-override
...
Add overrides for FQDNSet in test
2016-03-21 14:44:17 -07:00
28590c10ba
Add overrides for FQDNSet in test
2016-03-21 14:00:40 -07:00
bb19f278e2
Merge pull request #1631 from letsencrypt/mockca
...
Pull out WFE's MockCA into a shared mock.
2016-03-20 19:03:40 -07:00
231129bb78
Pull out WFE's MockCA into a shared mock.
...
Also:
- Use MockCA in the RA test instead of a real CA.
- Since the mock CA doesn't write to an SA, remove a part of the RA test that
checked that the certificate was written. That code is already tested in the CA,
where the test belongs.
- Format the constants in RA test to be more copy-and-pasteable.
- Remove Printf in mocks/log.go and test/db.go to make failed test output more readable.
2016-03-20 17:23:15 -07:00
7fe78676b6
Improve how we test godep restore.
2016-03-20 17:23:15 -07:00
6c26ab660b
Merge pull request #1615 from letsencrypt/log-errors
...
Improve logging of failures in the VA
2016-03-18 13:26:38 -07:00
0e85854acc
Improve logging of failures in the VA
...
There's a consistent format to the messages to aid in searching. They
start with [va-err-log], and if an error value is present, end with
Err=%#v.
2016-03-18 13:05:32 -07:00
973b7d3b42
Merge pull request #1628 from letsencrypt/bump-godep
...
Bump Godep version.
2016-03-18 12:52:46 -07:00
6e7204ec85
Bump Godep version.
...
Fixes tests.
2016-03-18 11:53:58 -07:00
a4f4326190
Merge pull request #1622 from letsencrypt/log-ct-prob
...
Include the log URI when logging CT problems.
2016-03-17 18:03:13 -07:00
1d669f4dfe
Merge branch 'master' into log-ct-prob
2016-03-17 15:42:55 -07:00
e25ce3cf85
Merge pull request #1625 from letsencrypt/test-mariadb-failure-3
...
Cat mariadb logs after failure
2016-03-17 13:27:31 -07:00
b5cc545b48
Cat mariadb logs after failure
...
We get intermittent failures on Travis where mariadb times out writes. Travis
support recommended we start catting the logs after a failure to see if there's
anything useful.
2016-03-16 13:24:57 -07:00
2e2a7b6736
Merge pull request #1624 from letsencrypt/test-godep-fix
...
Add Godep version to Godeps/Godeps.json
2016-03-16 12:56:54 -07:00
e37a14a5e5
Add Godep version to Godeps/Godeps.json
2016-03-16 12:36:11 -07:00
95bf324ce8
Include the log URI when logging CT problems.
2016-03-16 12:24:21 -07:00
6a99852e5c
Merge pull request #1619 from letsencrypt/jose-switcheroo
...
Switch to upstream square/go-jose + pull latest
2016-03-15 15:36:56 -07:00
4d8c7a323f
Set std_json build flag in order to preserve case insensitive JSON key parsing
2016-03-15 14:25:03 -07:00
00b617b59a
Switch to upstream square/go-jose + pull latest
2016-03-15 13:54:22 -07:00
0ebb511c96
Merge pull request #1606 from letsencrypt/json-policy2
...
Implement reloadable JSON blacklist.
2016-03-15 09:29:20 -07:00
cf9c14eff7
Merge branch 'master' into json-policy2
2016-03-15 09:15:43 -07:00
47f6d2bf13
Merge pull request #1610 from letsencrypt/mailer-test
...
Improve mocks.Mailer to check To: line
2016-03-14 17:44:54 -07:00
0015b68be5
Simplify test.
2016-03-14 17:19:48 -07:00
6bb37c56be
Explicitly return nil.
2016-03-14 17:16:28 -07:00
21700ffec5
Improve mocks.Mailer to check To: line
2016-03-14 17:08:44 -07:00
58e27c0964
Merge pull request #1603 from letsencrypt/mod8
...
Check that modulus length is divisible by 8 in GoodKey.
2016-03-14 16:32:39 -07:00
9b9b09d35d
Fix issues from review feedback.
2016-03-14 16:15:54 -07:00
821414e967
Check that modulus length is divisible by 8.
...
Serial numbers in the CT logs that have non-divisible-by-8 modulus length:
https://crt.sh/?serial=017af157d77b1413a239902834178e72bb20
https://crt.sh/?serial=0173c209ff6792316c3e0cab55968f351cc5
https://crt.sh/?serial=01431cb7f9470ee45b6f4b319102553d3a38
https://crt.sh/?serial=01bcd7c197d51a603c930ec09b55e1d69eed
https://crt.sh/?serial=013f51353565895a67fe253c8f4983d5c82f
https://crt.sh/?serial=01a35299515cb75409169d9e0a6627ccc597
https://crt.sh/?serial=011e0adddca49ee0b786813ec2b49154bdf7
https://crt.sh/?serial=01eebb9e9a9108979b3a47217e29b391eb99
https://crt.sh/?serial=01c64e5cda78a9d0f578d6e1cc61c785af7c
https://crt.sh/?serial=0145dda768e38137c8596560b15d52d56e8a
https://crt.sh/?serial=01524fd91b9177ef3adcaf5e9eb832f25b4d
https://crt.sh/?serial=01275f34e47ce1a2df9f0f2b124b72a622f1
https://crt.sh/?serial=018544846d192a1652a549cf4ccb584d397c
https://crt.sh/?serial=01ab9f4b503e8ab947906336053c287a9c10
https://crt.sh/?serial=0166de8ca507dcaa724c74e94d259b4e8ca6
https://crt.sh/?serial=018f3a50178f77d0b41fac0e11867a405151
https://crt.sh/?serial=01d0b50c60f0282c350f2f1928c8229263f6
https://crt.sh/?serial=01ec8978d09bcb2141bea31a3a87d1f121ff
https://crt.sh/?serial=01c7f2ef18a58b9dd3347aab41df0bf9c683
https://crt.sh/?serial=0178783968354b800e99c14eb40c62105e8a
https://crt.sh/?serial=01bb0c96d7ccd5109ed702430cb95500ebe9
https://crt.sh/?serial=016c8263a384d5a4dc07dd97341f5541d008
https://crt.sh/?serial=01f94a33fa393a412213f21c0237b35f4164
https://crt.sh/?serial=01961af313383a735ff249244c974d19cdce
https://crt.sh/?serial=0151d15074797912559203d37f547ab05982
https://crt.sh/?serial=01381e15c57bb71b70449790ea10c6eef499
https://crt.sh/?serial=01dd1b47443c2d9f3a2132a8c77f3c9afe6f
https://crt.sh/?serial=018b36bca7a19f688d8e10d40963701f1921
https://crt.sh/?serial=01fa24288bc7c536d1b4b0cbf75f9d532288
https://crt.sh/?serial=0144c0826a57df425bda751b974823a6c7ec
https://crt.sh/?serial=01e1ddf3fad5db4da5d6a0466076fb5b149d
https://crt.sh/?serial=01bc18004b4fd44d671d1b0b68736eacfe39
https://crt.sh/?serial=01883492513641e5971dfea02f360fdfc3ee
https://crt.sh/?serial=01a3ce708f71ab16dbe3eac66451d9657ae7
https://crt.sh/?serial=018a078bb7ee336d645d2dbb4a15643cd63c
https://crt.sh/?serial=01be4bde2b3811493e902580bbb9ed41a289
https://crt.sh/?serial=015acd1d2052b6febd3517e06fbc3c044be2
https://crt.sh/?serial=01b9c9b5bbde0e0fafafaebea7f940238385
https://crt.sh/?serial=0108c061334fe22f20035f041727fd9f6cca
https://crt.sh/?serial=017d0806db5a1948bd5958984d794da8e760
https://crt.sh/?serial=01e0c375d8ae91a633e161c5e711889edc12
https://crt.sh/?serial=014513db6c2b0e5fc9b01bd3e16c5a301f20
https://crt.sh/?serial=01fe3c857949c085bb9f835d41ebfbc79502
https://crt.sh/?serial=015bb41be9a46f0df2e2335fc1efd35ac0f0
https://crt.sh/?serial=0116674dfc27cfdbb2eadd26cf4ea157d943
https://crt.sh/?serial=013660f7d53adc2f037da825e7b35a29f6b8
https://crt.sh/?serial=01fbb17a9df2644e7941ac07d5e0df44a1a6
https://crt.sh/?serial=01dd34ea3b6d7feac0721edeca78c9bd88d0
https://crt.sh/?serial=012c5988711884e9d55dadb1638d7ad1df52
https://crt.sh/?serial=01c444b69d012963779163e91ee0b91c1a01
https://crt.sh/?serial=01516e6e00180b95fbf547fbb46e4e47b0b6
https://crt.sh/?serial=01e5d33aa90a735d2c29bedc78d7817b312a
https://crt.sh/?serial=0125f110e63dc999257e598ba39335c7dff8
https://crt.sh/?serial=01f8c9f7a2172c12adf04427c45b80288ad4
https://crt.sh/?serial=01f6701c5b7136a31629b5e6c1765c60320b
https://crt.sh/?serial=0191dc216d7b60635234cae78a1435bb5b3c
https://crt.sh/?serial=01ebcb1969e94c6d3bf0dd44cc6a4b5f5ab2
https://crt.sh/?serial=0109c156ec04afb57324ed6c6b1f2a5ce1f8
https://crt.sh/?serial=01f60c6f42fa140fe42853e023450f756416
https://crt.sh/?serial=01f35430bd4f9694e37d840a5556815b79f2
https://crt.sh/?serial=016427f1cafff52874f25b15a6e4fdba10de
https://crt.sh/?serial=01ff6175eb17edf908025dbf493865ba95d4
https://crt.sh/?serial=01ebc2be4a25a16403fb4beab7a40249c522
https://crt.sh/?serial=01362ecda73b646c1a8049a8033f1bd0ba78
https://crt.sh/?serial=015e71d8961c18b0f6b78415f60a30b29d27
https://crt.sh/?serial=015d0bb44d282d072ff242ba803a33275c93
https://crt.sh/?serial=019a7f3ee9e4e31b9007562323189c8a380c
https://crt.sh/?serial=0274a695c57a3e2a50b9f57b4f2deb628038
https://crt.sh/?serial=025cd371a47b72b296770cbc7828444fc1da
https://crt.sh/?serial=0260909d0b06ff102e423212e14355998336
https://crt.sh/?serial=02db0eb690a65d32b627905899a6849f62ee
https://crt.sh/?serial=02a562288c440698a57b212cc711d4094cf5
https://crt.sh/?serial=02475901b9647ce788ac13367714ad2a61bd
https://crt.sh/?serial=022ec8409c3ffd22fff04d2d621b8d1eb36c
https://crt.sh/?serial=02e8ae9030d45c56f32e1b676c004c01ed09
https://crt.sh/?serial=02b8fd0e373feefe408b77869ec7b4c39365
https://crt.sh/?serial=02fb6e63231ccfb98aa26fe486de59ab5620
https://crt.sh/?serial=028751f4757cd98c94a56c9ddf7c87e7fbf3
https://crt.sh/?serial=02255c1a9b63982992c3b9af91f144774989
2016-03-14 15:41:11 -07:00
450e6672a2
Merge pull request #1600 from letsencrypt/privatize-dns
...
Make a couple of fields private on DNS impl
2016-03-14 15:34:53 -07:00
fd489b8fd4
Merge branch 'master' into privatize-dns
2016-03-14 15:06:34 -07:00
8e1b52392a
Merge pull request #1604 from letsencrypt/fix-fqdnset-exists
...
Fix RPC wrapper for FQDNSetExists
2016-03-14 15:06:23 -07:00
ad4ae3acbc
Merge branch 'master' into fix-fqdnset-exists
2016-03-14 14:45:36 -07:00
886b3f09a3
Merge pull request #1582 from letsencrypt/numlogs-fix
...
Fix numLogs check in OCSP-Updater
2016-03-14 14:09:17 -07:00
f241b96838
Merge branch 'master' into numlogs-fix
2016-03-14 13:50:11 -07:00
b52ad8ecde
Merge pull request #1609 from letsencrypt/wording-1
...
Reword CAA failure message
2016-03-14 13:04:10 -07:00
cf95b6d412
Return early on error from reloader.
2016-03-14 12:57:39 -07:00
a7fa33c6dd
Merge branch 'master' into numlogs-fix
2016-03-14 11:17:37 -07:00
b1c1f84929
Reword CAA failure message
2016-03-14 09:05:19 -07:00
3e83ffda0d
Add reloader.
2016-03-13 22:37:13 -07:00
bc28bfe906
Implement reloadable JSON blacklist.
...
This eliminates the need the a database to store the hostname policy,
simplifying deployment. We keep the database for now, as part of our
deployability guidelines: we'll deploy, then switch config to the new style.
This also disables the obsolete whitelist checking code, but doesn't yet change
the function signature for policy.New(), to avoid bloating the pull request.
I'll fully remove the whitelist checking code in a future change when I also
remove the policy database code.
2016-03-13 20:00:51 -07:00
bfb6656985
Fix a golint error.
2016-03-13 19:26:23 -07:00
aeaf6ba64e
Fix RPC wrapper for FQDNSetExists
...
Error was: "json: Unmarshal(non-pointer rpc.fqdnSetExistsResponse"
2016-03-13 18:41:54 -07:00
4b318de37e
Make a couple of fields private on DNS impl
...
These fields were not used externally and could not be modified concurrently, so
they should not be exposed.
2016-03-11 22:44:16 -08:00
0a0454f837
Merge pull request #1597 from ibukanov/fix-1594
...
avoid exposing mysqld and rabbitmq beyond the host
2016-03-11 14:01:24 -08:00
ce9d2b9280
Fix numLogs check in OCSP-Updater
2016-03-11 13:42:03 -08:00
6a4637aad7
Merge branch 'master' into fix-1594
2016-03-11 22:39:58 +01:00
127a25e114
Merge pull request #1588 from letsencrypt/batched-authz
...
Add GetValidAuthorizations to batch authz checks
Fixes #1567
2016-03-11 13:37:12 -08:00
09e18cea87
avoid exposing mysqld and rabbitmq beyond the host
...
This ensures that services in mariadb and rabbitmq containers bind only to 127.0.0.1, not all interfaces. With host networking that would expose the test services outside the host.
Fixes #1594
2016-03-11 22:32:21 +01:00
Jacob Hoffman-Andrews