letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,931 Commits 89 Branches 416 Tags 101 MiB
Commit Graph

6 Commits

Author SHA1 Message Date
Aaron Gable 75a89f7a4a
Simplify and fix CRL observer IDP check (#8069) 
The conditional introduced in
https://github.com/letsencrypt/boulder/pull/8067 contained a bug left
over from an earlier draft of the PR. Remove the zero-length check to
ensure the code matches the documented intent.
 2025-03-17 14:34:14 -07:00
Aaron Gable d045b387ef
Observer: detect CRL IDP mismatch (#8067) 
Give boulder-observer the ability to detect if the CRL it fetches is the
CRL it expects, by comparing that CRLs issuingDistributionPoint
extension to the prober's configured URL. Only do this if instructed to
(by configuring the CRL prober as "partitioned") because non-partitioned
CRLs do not necessarily contain an IDP.

Fixes https://github.com/letsencrypt/boulder/issues/7527
 2025-03-14 14:52:29 -07:00
Aaron Gable cb28a001e9
Unfork crl x509 (#7078) 
Delete our forked version of the x509 library, and update all call-sites
to use the version that we upstreamed and got released in go1.21. This
requires making a few changes to calling code:
- replace crl_x509.RevokedCertificate with x509.RevocationListEntry
- replace RevocationList.RevokedCertificates with
RevocationList.RevokedCertificateEntries
- make RevocationListEntry.ReasonCode a non-pointer integer

Our lints cannot yet be updated to use the new types and fields, because
those improvements have not yet been adopted by the zcrypto/x509 package
used by the linting framework.

Fixes https://github.com/letsencrypt/boulder/issues/6741
 2023-09-15 20:25:13 -07:00
Phil Porada d3845f25c6
Strict YAML parsing (#6652) 
Adds a custom YAML unmarshaller in the `//strictyaml` package based on
`go-yaml/yaml v3` with unique key detection enabled and ensures that
target struct is able to contain all target fields.

Fixes https://github.com/letsencrypt/boulder/issues/3344.
 2023-02-22 14:56:26 -05:00
Phil Porada 365c9af463
Replace deprecated iotuil.ReadAll with io.ReadAll (#6678) 
Per [1]: 
> Deprecated: As of Go 1.16, this function (ioutil.ReadAll) simply calls
io.ReadAll.

1. https://pkg.go.dev/io/ioutil#ReadAll
 2023-02-21 11:07:55 -08:00
Preston Locke 8477ba38e3
boulder-observer: Add a CRL prober type (#6349) 
This PR is a follow-up to #6277 and #6290 to add a new prober type to
boulder-observer for monitoring CRLs, making use of the new prober-specific
metrics capability to define the following new metrics:

- `obs_crl_this_update` the Unix timestamp of the CRL's thisUpdate value
- `obs_crl_next_update` the Unix timestamp of the CRL's nextUpdate value
- `obs_crl_revoked_cert_count` the number of certificates listed in the CRL

**Configuration:** Each defined CRL monitor takes a single configuration option,
a URL that specifies the location of the CRL to monitor.

**Metrics:** The three CRL-specific metrics described above are only published
at /metrics if at least one valid monitor is defined in the config.yml. The
metrics have a single label `url` that is set to the URL configured for the
monitor
 2022-09-15 11:44:56 -07:00