Jacob Hoffman-Andrews
6f60530781
Add hostnameOverride.
2015-08-21 16:09:57 -07:00
Jacob Hoffman-Andrews
178991e811
Add a sleep to placate the race detector.
2015-08-21 16:07:14 -07:00
Jacob Hoffman-Andrews
efa94628c7
Refactor VA test to use Go's httptest.
...
Previously the VA test had race conditions where the various test servers would
not shut down before the next test started its own server, and the necessary port
wouldn't be available.
Go's httptest makes shutdown simpler, and also chooses a random port, which
further helps avoid collisions.
This change required refactoring the VA to specify the ports for various
challenges as fields. This should allow us to fully remove the TestMode bool in
a subsequent change.
Credit to jmhodges for the first version of this patch.
2015-08-21 16:07:10 -07:00
Roland Shoemaker
60274cd915
Rebase fixes
2015-08-13 22:55:58 -07:00
Roland Shoemaker
f15402282c
Review rework
...
Refactor DNS problem details use
Actually store and log resolved addresses
Less convoluted get addresses function/usage
Store redirects, reconstruct transport on redirect, add redirect + lookup tests
Add another test
Review fixes
Initial bulk of review fixes (cleanups inc)
Comment cleanup
Add some more tests
Cleanups
Give addrFilter a type and add the config wiring
Expose filters
LookupHost cleanups
Remove Resolved Addresses and Redirect chain from replies to client without breaking RPC layer
Switch address/redirect logging method, add redirect loop checking + test
Review fixes + remove IPv6
Remove AddressFilter remnant + constant-ize the VA timeout
Review fixes pt. 1
Initialize validation record
Don't blank out validation records
Add validation record sanity checking
Switch to shared struct
Check port is in valid range
Review fixes
2015-08-13 22:49:33 -07:00
Tom Clegg
84757bea8a
Change remote IP address without changing requested URL.
2015-08-13 22:45:19 -07:00
Roland Shoemaker
9a328b4fd1
Log IPs in a better place, by storing them in the challenge objects!
2015-08-13 22:45:19 -07:00
Roland Shoemaker
6a75eb199e
Resolve validation hostnames and log addresses, use first resolved address to construct validation address
2015-08-13 22:45:19 -07:00
Roland Shoemaker
6970caa0e8
Various cleans and documentation fixes
2015-08-11 18:00:47 -07:00
Roland Shoemaker
8789f925cc
Merge master
2015-08-11 16:39:31 -07:00
Richard Barnes
bef0dbf99a
Address @jcj comments on #497
2015-07-30 16:24:07 -04:00
Richard Barnes
7e3058d099
More deterministic token control
2015-07-29 15:35:52 -04:00
Richard Barnes
2ecdd056de
Re-add tests removed during rebase.
2015-07-29 15:03:12 -04:00
Richard Barnes
f506da377a
Clean up Challenge.MergeResponse
2015-07-29 12:59:52 -04:00
Richard Barnes
4f95f66f98
Remove AcmeJWS and move everything over to LE fork of go-jose
2015-07-29 12:44:39 -04:00
Richard Barnes
9e87cef807
Further test fixes
2015-07-29 12:20:00 -04:00
Richard Barnes
de5c50739a
Mostly fixed tests
2015-07-29 12:19:12 -04:00
Richard Barnes
e60df240d8
Update DVSNI and DNS challenges
2015-07-29 12:19:12 -04:00
Richard Barnes
4cac9da9fd
Refactor simpleHttp challenge
2015-07-29 12:18:09 -04:00
Tom Clegg
8ec9723166
Do not test CAA lookup behavior for "CNAME+CAA both exist."
2015-07-27 21:51:14 -04:00
Tom Clegg
a843772736
Follow CNAME and DNAME during CAA lookups, cf. RFC 6844.
2015-07-26 01:25:30 -04:00
Tom Clegg
d30ea8a4b6
Distinguish between "lookup failed" and "CNAME does not exist" in LookupCNAME.
2015-07-25 05:47:15 -04:00
Tom Clegg
a6a1e27ac7
Remove useless test function.
2015-07-21 21:40:20 -04:00
Tom Clegg
2583ce55a5
Verify logs were generated.
2015-07-21 21:37:34 -04:00
Tom Clegg
e09f9eebf1
Merge remote-tracking branch 'upstream/master' into 414-va-log-redirects
...
Conflicts:
va/validation-authority_test.go
2015-07-21 21:32:50 -04:00
Jacob Hoffman-Andrews
99c339f850
Merge pull request #498 from tomclegg/490-mock-logs
...
Add mock for syslog.
2015-07-21 17:40:06 -07:00
Tom Clegg
2d0be62966
Use mock syslog in test suites (except core and log). Drop SwitchLog().
2015-07-21 17:06:39 -04:00
Richard Barnes
55d5488b49
Merge branch 'master' into dnssec-cleanup
2015-07-21 17:14:41 +02:00
Richard Barnes
d8a12d8073
Addressing @bifurcation comments
2015-07-21 16:42:23 +02:00
Tom Clegg
0e72f95660
Add mock for syslog.
2015-07-19 05:44:56 -04:00
Tom Clegg
7b3378fcc1
Change "redirecting" log level from Notice to Info.
2015-07-18 22:17:45 -04:00
Tom Clegg
d94860b6cb
Log redirects encountered during HTTP validation. Fixes #414
2015-07-16 22:26:11 -04:00
Jeff Hodges
ef54dda46a
add debug http server to services
...
Currently, the debug http server in every service contains just the
net/http/pprof handlers. This allows us to get CPU, blocking, and memory
profiling remotely.
Along the way, remove all the places we use http.DefaultServeMux (which
includes use of http.Handle and http.HandlerFunc) and use a NewServeMux
for each place.
Fixes #457
2015-07-14 01:28:18 -07:00
Roland Shoemaker
d403a4224b
Remove another timeout catcher
2015-07-08 22:24:50 +01:00
Roland Shoemaker
e50ad76edd
Change tests to indicate testing SERVFAIL not DNSSEC
2015-07-08 22:18:38 +01:00
Roland Shoemaker
0cea5dffd0
Remove dangling timeout workarounds
2015-07-08 22:11:56 +01:00
Roland Shoemaker
720fc2450d
Remove timeout catching in preparation for #438
2015-07-08 20:57:58 +01:00
Roland Shoemaker
3aa6befb0b
Review fixes
2015-07-08 20:57:58 +01:00
Roland Shoemaker
e3780d3234
Move CNAME call to getCAA
2015-07-08 20:57:58 +01:00
Roland Shoemaker
34bd2a2915
Review fixes
2015-07-08 20:56:59 +01:00
Roland Shoemaker
cb1ddfaf78
Add parseDNSError method and use it to provide better problem detail, also add test workaround for timeouts until #401 is fixed
2015-07-08 20:52:40 +01:00
Roland Shoemaker
dfed747a99
Put LookupHost back, and re-add checks to validateSimpleHTTP and validateDvsni
2015-07-08 20:48:42 +01:00
Roland Shoemaker
2d339651d7
Remove LookupDNSSEC and LookupHosts methods, and their usage, log SERVFAIL from resolver and query type it came from, ignore SERVFAIL from LookupCAA
2015-07-08 20:47:46 +01:00
Roland Shoemaker
294a313974
Cleanup rebase/merge artifact
2015-07-07 22:35:39 +01:00
Roland Shoemaker
624581518d
Consistent domain usage, DNSResolver comment, and empty CAA test
2015-07-07 22:31:44 +01:00
Roland Shoemaker
5b092db5c7
Actually add mock file, and remove unused commented tests
2015-07-07 22:31:44 +01:00
Roland Shoemaker
f6248ef279
Flesh out DNS mock methods, and move them to their own sub-module instead of under test/ to avoid import loop, Add Loopback DNS resolver for core/dns_test.go
2015-07-07 22:31:44 +01:00
J.C. Jones
e4055e4646
WIP
2015-07-07 22:31:43 +01:00
Jakub Warmuz
c48f6dfecf
Address review comments.
2015-06-30 06:13:38 +00:00
Jakub Warmuz
cebd1eee49
Update tests for TLS simpleHttp.
2015-06-28 09:04:09 +00:00
Jakub Warmuz
69a0781139
Allow TLS simpleHttp in test mode.
2015-06-28 06:48:40 +00:00
Roland Shoemaker
b4ab015eb4
Better RTT metric names, and initial work on RPC call success/failure metrics
2015-06-26 18:41:23 +01:00
Roland Shoemaker
4346e55d8c
Review fixes and rtt cleanups, further cleanup is blocked by #413
2015-06-25 17:55:59 -07:00
Roland Shoemaker
12589834a3
Merge master
2015-06-25 15:59:59 -07:00
Richard Barnes
04770218ac
Remove DNSSEC from simpleHttp and dvsni
2015-06-23 23:33:48 -07:00
Richard Barnes
9a0d4aef0a
Fix build problem
2015-06-23 12:02:37 -07:00
Richard Barnes
718920afa3
Enable the VA to send a user-agent header field.
2015-06-23 11:15:51 -07:00
J.C. Jones
4715b4895a
Fix #386 : `go vet` on VA.
2015-06-22 05:55:57 -07:00
Roland Shoemaker
9edd2b8e07
Refactor StatsD metrics collection
...
- Moved HandlerTimer definition from various cmd/ binaries to cmd/shell.go
- Cleaned up HandlerTimer endpoint metrics
- Moved New... counter metrics from WFE to RA and add Updated... and Finalized... ones
- Added error code and problem type counter metrics to WFE
- Added validation type / status counter metrics to VA
- Consistently return the total RTT from LookupCAA, LookupCNAME, and LookupDNSSEC methods
- Added DNS RTT timing metrics to VA for the various Lookup... methods
2015-06-21 23:28:10 -07:00
J.C. Jones
2d92fd92d6
Rework per @rolandshoemaker
2015-06-20 13:27:29 -07:00
J.C. Jones
ddb4249f18
Fixes #383 - Fix error leg in DNS validation
2015-06-20 10:51:52 -07:00
J.C. Jones
d712bcc8a8
Fixes #382 : Log more consistently
2015-06-20 10:48:14 -07:00
Roland Shoemaker
1b65434256
Merge master
2015-06-19 20:16:16 +01:00
Roland Shoemaker
cd10bd4726
Add DNSSEC check for A/AAAA records to validateSimpleHTTP and validateDvsni
2015-06-19 20:03:27 +01:00
Roland Shoemaker
5979abb244
Remove unused CAA type definition
2015-06-19 19:20:26 +01:00
Roland Shoemaker
948cca7172
Consolidate CAA functions into va/validation-authority.go and core/dns.go
2015-06-19 19:06:50 +01:00
Roland Shoemaker
d462d0af43
Purge CAA parsing code, update miekg/dns dep
2015-06-19 18:53:00 +01:00
Brad Warren
99d0fd7dc8
Removed straggling debugging code
2015-06-18 16:01:15 -07:00
Brad Warren
93ff18b365
Finished adding validation errors
2015-06-18 14:10:24 -07:00
Brad Warren
f19cad3a04
Additional cleanup of error handling
2015-06-18 10:08:59 -07:00
Brad Warren
6fac234036
Updated error messages and internal error handling
2015-06-17 10:56:46 -07:00
J.C. Jones
41f5788c77
Correct most `go lint` warnings. (274 -> 5)
2015-06-16 22:18:28 -05:00
J.C. Jones
b24f6b23fe
Moved to `miekg/dns` for the VA.
...
- Created some helper methods to run DNSSEC and reduce code reuse
- Support multiple DNS servers, but not in the Config file (yet)
- Fix typo; r=@rolandshoemaker
2015-06-16 19:37:15 -05:00
J.C. Jones
fcaa6b9530
Issue #11 : Add tests
2015-06-16 09:03:03 -05:00
J.C. Jones
cc97492a54
Issue #11 : Basic DNS Challenge support
2015-06-16 09:03:03 -05:00
Brad Warren
3ca3d9b283
Finished adding basic errors
2015-06-15 19:30:11 -07:00
Roland Shoemaker
f4ee29d1d3
Change all references from SimpleHTTPS -> SimpleHTTP
2015-06-12 11:22:04 -07:00
Roland Shoemaker
ef3adda09b
Switch TLS to pointer
2015-06-11 22:08:38 -07:00
Roland Shoemaker
c301125e93
Add TLS field to core.Challenge per spec
2015-06-11 17:12:50 -07:00
Roland Shoemaker
6c0127d1b0
Add some comments, clean up RFC 6844 query order
2015-06-10 17:27:08 -07:00
Roland Shoemaker
00053e4232
Remove debug statement
2015-06-10 16:18:52 -07:00
Roland Shoemaker
34946c99bb
Fix typo
2015-06-10 15:56:52 -07:00
Roland Shoemaker
7029124c75
Add checking for DNSSEC failure at the resolver
2015-06-10 15:50:17 -07:00
Roland Shoemaker
e3eb074dd3
Review fixes
2015-06-10 14:16:06 -07:00
Roland Shoemaker
0265b6f5d0
Merge upstream/master and fix conflicts
2015-06-10 12:43:11 -07:00
Roland Shoemaker
050887bff6
Ignore closed connection errors from httpsServer.Serve
2015-06-08 13:29:29 -07:00
Roland Shoemaker
3e43e05553
Don't write to dead simpleSrv/dvsniSrv connections
2015-06-08 12:54:38 -07:00
Roland Shoemaker
30d2c0d1c7
Don't try to write to connection after it has been closed
2015-06-08 11:40:21 -07:00
Roland Shoemaker
78cbc1a091
Decrease block time so connection doesn't time out
2015-06-08 11:06:16 -07:00
Roland Shoemaker
94bbd22f00
Add explicit timeout tests
2015-06-06 09:55:43 -07:00
Roland Shoemaker
d145a3dc5a
Add timeout to validateDvsni method
2015-06-05 14:09:28 +01:00
Richard Barnes
9917ca17f6
Clean up TODOs
2015-06-01 02:05:17 -04:00
Roland Shoemaker
5c235e0000
add explicit CAA RDATA length check
2015-05-29 21:39:25 +01:00
Roland Shoemaker
2366a4a1a3
Add VA blocker check
2015-05-29 11:26:06 +01:00
Roland Shoemaker
81c7466e97
add rpc-wrapper and interface code
2015-05-28 09:58:16 +01:00
Roland Shoemaker
0ef15b0b81
cleanup & tests
2015-05-28 09:25:04 +01:00
Roland Shoemaker
b2f1dd82b6
vendor miekg/dns dependency
2015-05-27 20:49:58 +01:00
Roland Shoemaker
5627f4e69f
add the various caa dns utilities
2015-05-27 19:51:51 +01:00
J.C. Jones
bc3acca096
Resolved Issue #230
...
- Move setting the core.Registration.Key field from RA.NewRegistration to
WFE.NewRegistration to avoid a chicken-and-egg problem.
- Note: I kept the RPC wrapper object even though it now only has one field.
Seems like it's a good practice to use wrapper objects, even though we don't
everywhere.
2015-05-26 14:44:15 -07:00
Roland Shoemaker
e1eeebce52
Only run validations against updated challenges (instead of everything)
2015-05-26 17:08:49 +01:00
J.C. Jones
cecd097f68
Improve unit testing to resolve Issue #217
...
- Support multiple HTTPserver instances in `validation-authority_test.go`
- Improve coverage of ValidateDvsni and ValidateHttps
- Cover UpdateValidations
2015-05-21 13:59:30 -07:00
J.C. Jones
1c9837ddf8
Audit all Challenges (success/failure) in VA for Issue #204
...
- Don't ignore entropy underruns in challenges.go
- Correct identity crisis in Policy Authority; hopefully it will remember.
- Add a method `AuditObject` in audit-logger and convert RA/VA to use it
- Fix json typo in registration-authority that caused empty audit logs
- Fix vet issue in WFE where RegID was being printed as a 32-bit int instead of 64-bit
- Unfix the issue in WFE where RegID isn't right, per PR #215
2015-05-21 13:58:40 -07:00
J.C. Jones
42302541bd
Run `go fmt` for PR #186
2015-05-18 18:44:38 -07:00
Jacob Hoffman-Andrews
3eed9e3f7c
Move to Square's go-jose library.
2015-05-13 17:36:38 -07:00
Jacob Hoffman-Andrews
8acae627eb
Fix sanity checking for challenges.
...
Also add more debug logging.
2015-05-08 15:32:11 -07:00
jsha
14fde00182
Merge pull request #162 from rolandshoemaker/enrobe
...
Reduce use of naked returns
2015-05-08 08:59:52 -07:00
Roland Shoemaker
ee47c84838
enrobe longer functions + various return semantics cleanups
2015-05-07 18:15:41 -07:00
Roland Shoemaker
07310b5fa1
hook sanity check into VA and RA
2015-05-06 15:19:21 -07:00
Roland Shoemaker
ca796dd2fe
remove useless test stub
2015-05-05 15:37:04 -07:00
Roland Shoemaker
3fddff8dcf
further tests for VA, consistent sendError for verifyPOST in WFE
2015-05-05 15:31:53 -07:00
Roland Shoemaker
48296727e2
real errors
2015-05-05 14:38:29 -07:00
Roland Shoemaker
4b74a544c5
hacky fix so we don't require sudo
2015-05-05 14:34:25 -07:00
Roland Shoemaker
4fc3a1146e
VA tests, WFE tests, plus WFE NewRegistration empty payload fix
2015-05-04 18:43:18 -07:00
J.C. Jones
a77152e828
Rework Authority "New" methods to obtain AuditLogger from Singleton
...
- Also ran `go fmt` against these files I was touching anyway:
sa/storage-authority.go
va/validation-authority.go
wfe/web-front-end.go
2015-05-01 21:50:07 -07:00
Jacob Hoffman-Andrews
d4aa8c6c78
Close connection after DVSNI.
2015-04-27 15:50:18 -07:00
Jacob Hoffman-Andrews
66cb0fcefe
Fix format strings for serials and DVSNI.
2015-04-27 14:47:06 -07:00
Jacob Hoffman-Andrews
9124b34b31
Improve Validation Authority
...
SimpleHTTPS works in both local test mode and live mode.
Don't keep alive SimpleHTTPS connections after verifying challenge.
2015-04-27 13:18:38 -07:00
Jacob Hoffman-Andrews
e210f2c623
Fix live validation for SimpleHTTPS.
2015-04-24 19:20:58 -07:00
Jacob Hoffman-Andrews
1065b14c9c
Add more logging to boulder.
2015-04-24 18:39:50 -07:00
Jacob Hoffman-Andrews
b9c7efb9f8
Constant-time compare zName.
...
Fixes https://github.com/letsencrypt/boulder/issues/52 .
Note that this is probably not a vulnerability, since the value of zName is not
a secret from the subscriber. But better to eliminate this code smell.
2015-04-13 17:47:58 -04:00
Roland Shoemaker
5d155e209b
forgot to remove encoding/hex
2015-04-08 22:40:05 -07:00
Roland Shoemaker
f7e3df3f67
fix Z computation
2015-04-08 22:30:12 -07:00
Jacob Hoffman-Andrews
84df10fd6e
Add empty tests where missing.
...
This will bring our coverage numbers down to a more meaningful number, and will
mean that we can start aiming to increase them monotonically.
2015-04-07 11:27:33 -07:00
Peter Eckersley
ccbbeccb00
gofmt
2015-03-25 14:52:50 -07:00
Peter Eckersley
5eac0cda09
Add a "TestMode" config option
...
This makes the same change as PR #59 , but allows test mode to be turned
back on with a config option.
2015-03-25 12:58:57 -07:00
J.C. Jones
33ac212b70
Add logging infrastructure to all authorities and commands
2015-03-24 19:06:11 -07:00
J.C. Jones
4e0aa900c9
Rebase 'lint-errcheck-fixes' of git://github.com/mvdan/boulder to letsencrypt/master
...
Conflicts:
cmd/boulder-start/main.go
core/interfaces.go
core/objects.go
core/util.go
ra/registration-authority.go
ra/registration-authority_test.go
rpc/rpc-wrappers.go
va/validation-authority.go
wfe/web-front-end.go
2015-03-20 18:01:03 -07:00
Richard Barnes
d938deb3fd
Separate resources for challenges [initial]
2015-03-14 19:07:16 -04:00
Daniel Martí
d66e581736
Replace Https by HTTPS as per golint
2015-03-12 12:21:40 +01:00
Daniel Martí
880821801e
hash.Hash.Write() never returns an error
2015-03-12 12:18:37 +01:00
Richard Barnes
37919058e5
Pulling out va module
2015-03-10 14:26:20 -07:00