194e421931
Add reconnects in AMQP.
2015-10-27 19:54:54 -07:00
734b85ecd1
Update publicsuffix to latest.
...
Pulls in https://github.com/letsencrypt/net/pull/2 ,
which fixes https://github.com/letsencrypt/boulder/issues/1010 .
Updating vendorized deps means running tests. I ran this and it passed:
cd ~/go/packages/src/github.com/letsencrypt/net/
go test ./publicsuffix/
2015-10-20 12:37:31 -07:00
a95c300d8b
Switch to using publicsuffix package.
...
This has two advantages:
- Fixes #901
- Reduces number of allocations and copies for methods that used the previous
public suffix code.
2015-10-12 16:32:35 -07:00
903f39508e
Vendorize publicsuffix.
2015-10-04 21:04:29 -07:00
2d0dee4ce1
Daemonize the OCSP updater tool so we are constantly updating OCSP responses.
...
also moves the first OCSP responses generation from the CA to the OCSP updater. This patch lays the
ground work for moving CT submission and adding CT backfill to the OCSP updater.
2015-10-01 16:36:51 -07:00
7a3d5ebb26
Merge branch 'master' into update-cfssl
2015-10-01 15:41:27 -07:00
1975e417e0
Update CFSSL.
...
This pulls in a few cfssl upstream fixes:
cloudflare/cfssl#347 : Fix CKA_ALWAYS_AUTHENTICATE check
cloudflare/cfssl#344 : Allow client to specify full serial.
cloudflare/cfssl#340 : OCSP doesn't include CA when unnecessary.
This also updates boulder-ca to use the new full-serial API in CFSSL.
I have run tests for cfssl and they pass:
cd ~/go/packages/src/github.com/cloudflare/cfssl/
go test ./...
2015-10-01 13:45:59 -07:00
6f41cc9e39
Add issuance rate limiting based on total number of certificates issued in a window
...
Since the issuance count requires a full table scan a RA process local cache of the
count is kept and expired after 30 minutes.
2015-09-24 12:54:38 -07:00
91724296a8
Use facebooks gracefully shutting down HTTP server for WFE & OCSP-Responder
2015-09-21 20:43:38 -07:00
d05b9b833f
Update cfssl to latest master.
...
This pulls in the pkcs11key change from
https://github.com/cloudflare/cfssl/pull/330 , and updates the Boulder code to
match.
Note: This change overwrites the local changes to our vendored CFSSL made in
https://github.com/letsencrypt/boulder/pull/784 . That's intentional: The
upstream changes in https://github.com/cloudflare/cfssl/pull/330 accomplish the
same thing, more cleanly.
2015-09-20 20:44:44 -07:00
6391112f42
godep update golang.org/x/crypto/ocsp
2015-08-29 15:04:44 -04:00
98ac983df2
Vendor jmhodges/clock
2015-08-28 13:02:35 -07:00
0e0f709cfe
Update CFSSL.
...
This pulls in https://github.com/cloudflare/cfssl/pull/312 , which fixes a bug
that was causing us to generate not-yet-valid OCSP.
2015-08-19 22:05:05 -07:00
f7ebed875c
update github.com/miekg/dns
...
This is needed for the race condition that errors in our test suite on
Go 1.5rc1 that was fixed in https://github.com/miekg/dns/pull/245
2015-08-13 14:50:58 -07:00
4aef1ad2fb
godep update golang.org/x/crypto/ocsp
2015-08-12 08:52:55 -07:00
48e6f45bf5
Updating go-jose to address panics
2015-07-30 13:45:19 -04:00
76a2e15958
Godep refresh after landing changes in github.com/letsencrypt/go-jose
2015-07-29 13:56:49 -04:00
d115e5cb60
Resync with latest letsencrypt/go-jose to fix jwk encoding.
2015-07-28 16:25:30 +02:00
9423467142
Switch to our own fork of go-jose.
...
This is the result of `godep save -r ./...` and
`git rm -r -f Godeps/_workspace/src/github.com/square`
Our fork is currently at the head of go-jose when Richard made the local nonce
changes, with the nonce changes added on top. In other words, the newly created
files are exactly equal to the deleted files.
In a separate commit I will bring our own go-jose fork up to the remote head,
then update our deps.
Also note: Square's go-jose repo contains a `cipher` package. Since we don't
make any changes to that package, we leave it imported as-is.
2015-07-24 14:39:00 -07:00
8092b42dd6
Merge pull request #525 from letsencrypt/update-cfssl-nopkcs11
...
Update cfssl to latest master.
2015-07-24 11:56:51 -07:00
194658f019
Update cfssl to latest master.
...
This changes the default pkcs11 tag so pkcs11 is included by default.
This will let us remove -tags pkcs11 from our build scripts.
2015-07-24 10:54:16 -07:00
5b019f5ea8
Update miekg/dns dependency
2015-07-22 12:37:50 -07:00
dd19f0a529
Update cfssl to latest master.
...
Picks up fix for specifying User Notice policy qualifier.
Specify user notice in test configs.
2015-07-02 19:36:50 -07:00
d462d0af43
Purge CAA parsing code, update miekg/dns dep
2015-06-19 18:53:00 +01:00
05f04709e9
Update cfssl dependency to latest master
...
Also, remove dependency on cfssl CLI binary, and transitive dependency cf-tls.
These are no longer necessary now that we use the local signer. And the cf-tls
dependency had drifted out of date, causing build issues when I updated cfssl to
master.
2015-06-17 09:26:52 -07:00
0265b6f5d0
Merge upstream/master and fix conflicts
2015-06-10 12:43:11 -07:00
d80d301447
Update latest CFSSL to pick up OCSP config.
2015-06-03 16:51:23 -07:00
c433da1a6f
Properly updating this time
2015-05-30 12:09:06 -04:00
b2f1dd82b6
vendor miekg/dns dependency
2015-05-27 20:49:58 +01:00
3eed9e3f7c
Move to Square's go-jose library.
2015-05-13 17:36:38 -07:00
8a6748182e
add gorp dep
2015-05-02 16:00:35 -07:00
757d8616cc
Update latest CFSSL to pick up whitelisting.
2015-04-17 11:42:38 -04:00
e35f138fc1
Update Godeps.
2015-04-15 16:55:27 -04:00
990aaeebba
Merge remote-tracking branch 'le/master' into update-cfssl
...
Conflicts:
Godeps/Godeps.json
2015-04-15 16:33:57 -04:00
7c61a88cfa
Update cfssl dependencies.
2015-04-13 14:18:29 -04:00
ed4a147737
fix conflict
2015-04-12 21:55:01 -07:00
274e7efd3c
switch client lib
2015-04-12 01:38:39 -07:00
1938e305e2
switch to statsd
2015-04-11 20:01:45 -07:00
4bdec58e05
Include cfssl in vendored deps.
...
And introduce a start.sh that starts both boulder and cfssl.
2015-04-10 16:39:56 -07:00
99bf61c0ac
Add Godeps.
2015-03-26 14:20:34 -07:00
Jacob Hoffman-Andrews