69a0781139
Allow TLS simpleHttp in test mode.
2015-06-28 06:48:40 +00:00
b4ab015eb4
Better RTT metric names, and initial work on RPC call success/failure metrics
2015-06-26 18:41:23 +01:00
4346e55d8c
Review fixes and rtt cleanups, further cleanup is blocked by #413
2015-06-25 17:55:59 -07:00
12589834a3
Merge master
2015-06-25 15:59:59 -07:00
04770218ac
Remove DNSSEC from simpleHttp and dvsni
2015-06-23 23:33:48 -07:00
9a0d4aef0a
Fix build problem
2015-06-23 12:02:37 -07:00
718920afa3
Enable the VA to send a user-agent header field.
2015-06-23 11:15:51 -07:00
4715b4895a
Fix #386 : `go vet` on VA.
2015-06-22 05:55:57 -07:00
9edd2b8e07
Refactor StatsD metrics collection
...
- Moved HandlerTimer definition from various cmd/ binaries to cmd/shell.go
- Cleaned up HandlerTimer endpoint metrics
- Moved New... counter metrics from WFE to RA and add Updated... and Finalized... ones
- Added error code and problem type counter metrics to WFE
- Added validation type / status counter metrics to VA
- Consistently return the total RTT from LookupCAA, LookupCNAME, and LookupDNSSEC method
- Added DNS RTT timing metrics to VA for the various Loookup... methods
2015-06-21 23:28:10 -07:00
2d92fd92d6
Rework per @rolandshoemaker
2015-06-20 13:27:29 -07:00
ddb4249f18
Fixes #383 - Fix error leg in DNS validation
2015-06-20 10:51:52 -07:00
d712bcc8a8
Fixes #382 : Log more consistently
2015-06-20 10:48:14 -07:00
1b65434256
Merge master
2015-06-19 20:16:16 +01:00
cd10bd4726
Add DNSSEC check for A/AAAA records to validateSimpleHTTP and validateDvsni
2015-06-19 20:03:27 +01:00
5979abb244
Remove unused CAA type definition
2015-06-19 19:20:26 +01:00
948cca7172
Consolidate CAA functions into va/validation-authority.go and core/dns.go
2015-06-19 19:06:50 +01:00
d462d0af43
Purge CAA parsing code, update miekg/dns dep
2015-06-19 18:53:00 +01:00
99d0fd7dc8
Removed straggling debugging code
2015-06-18 16:01:15 -07:00
93ff18b365
Finished addinig validation errors
2015-06-18 14:10:24 -07:00
f19cad3a04
Additional cleanup of error handling
2015-06-18 10:08:59 -07:00
6fac234036
Updated error messages and internal error handling
2015-06-17 10:56:46 -07:00
41f5788c77
Correct most `go lint` warnings. (274 -> 5)
2015-06-16 22:18:28 -05:00
b24f6b23fe
Moved to `miekg/dns` for the VA.
...
- Created some helper methods to run DNSSEC and reduce code reuse
- Support multiple DNS servers, but not in the Config file (yet)
- Fix typo; r=@rolandshoemaker
2015-06-16 19:37:15 -05:00
fcaa6b9530
Issue #11 : Add tests
2015-06-16 09:03:03 -05:00
cc97492a54
Issue #11 : Basic DNS Challenge support
2015-06-16 09:03:03 -05:00
3ca3d9b283
Finished adding basic errors
2015-06-15 19:30:11 -07:00
f4ee29d1d3
Change all references from SimpleHTTPS -> SimpleHTTP
2015-06-12 11:22:04 -07:00
ef3adda09b
Switch TLS to pointer
2015-06-11 22:08:38 -07:00
c301125e93
Add TLS field to core.Challenge per spec
2015-06-11 17:12:50 -07:00
6c0127d1b0
Add some comments, clean up RFC 6844 query order
2015-06-10 17:27:08 -07:00
00053e4232
Remove debug statement
2015-06-10 16:18:52 -07:00
34946c99bb
Fix typo
2015-06-10 15:56:52 -07:00
7029124c75
Add checking for DNSSEC failure at the resolver
2015-06-10 15:50:17 -07:00
e3eb074dd3
Review fixes
2015-06-10 14:16:06 -07:00
0265b6f5d0
Merge upstream/master and fix conflicts
2015-06-10 12:43:11 -07:00
050887bff6
Ignore closed connection errors from httpsServer.Serve
2015-06-08 13:29:29 -07:00
3e43e05553
Don't write to dead simpleSrv/dvsniSrv connections
2015-06-08 12:54:38 -07:00
30d2c0d1c7
Don't try to write to connection after it has been closed
2015-06-08 11:40:21 -07:00
78cbc1a091
Decrease block time so connection doesn't time out
2015-06-08 11:06:16 -07:00
94bbd22f00
Add explicit timeout tests
2015-06-06 09:55:43 -07:00
d145a3dc5a
Add timeout to validateDvsni method
2015-06-05 14:09:28 +01:00
9917ca17f6
Clean up TODOs
2015-06-01 02:05:17 -04:00
5c235e0000
add explicit CAA RDATA length check
2015-05-29 21:39:25 +01:00
2366a4a1a3
Add VA blocker check
2015-05-29 11:26:06 +01:00
81c7466e97
add rpc-wrapper and interface code
2015-05-28 09:58:16 +01:00
0ef15b0b81
cleanup & tests
2015-05-28 09:25:04 +01:00
b2f1dd82b6
vendor miekg/dns dependency
2015-05-27 20:49:58 +01:00
5627f4e69f
add the various caa dns utilities
2015-05-27 19:51:51 +01:00
bc3acca096
Resolved Issue #230
...
- Move setting the core.Registration.Key field from RA.NewRegistration to
WFE.NewRegistration to avoid a chicken-and-egg problem.
- Note: I kept the RPC wrapper object even though it now only has one field.
Seems like it's a good practice to use wrapper objects, even though we don't
everywhere.
2015-05-26 14:44:15 -07:00
e1eeebce52
Only run validations against updated challenges (instead of everything)
2015-05-26 17:08:49 +01:00
cecd097f68
Improve unit testing to resolve Issue #217
...
- Support multiple HTTPserver instances in `validation-authority_test.go`
- Improve coverage of ValidateDvsni and ValidateHttps
- Cover UpdateValidations
2015-05-21 13:59:30 -07:00
1c9837ddf8
Audit all Challenges (success/failure) in VA for Issue #204
...
- Don't ignore entropy underruns in challenges.go
- Correct identity crisis in Policy Authority; hopefully it will remember.
- Add a method `AuditObject` in audit-logger and convert RA/VA to use it
- Fix json typo in registration-authority that caused empty audit logs
- Fix vet issue in WFE where RegID was being printed as a 32-bit int instead of 64-bit
- Unfix the issue in WFE where RegID isn't right, per PR #215
2015-05-21 13:58:40 -07:00
42302541bd
Run `go fmt` for PR #186
2015-05-18 18:44:38 -07:00
3eed9e3f7c
Move to Square's go-jose library.
2015-05-13 17:36:38 -07:00
8acae627eb
Fix sanity checking for challenges.
...
Also add more debug logging.
2015-05-08 15:32:11 -07:00
14fde00182
Merge pull request #162 from rolandshoemaker/enrobe
...
Reduce use of naked returns
2015-05-08 08:59:52 -07:00
ee47c84838
enrobe longer functions + various return semantics cleanups
2015-05-07 18:15:41 -07:00
07310b5fa1
hook sanity check into VA and RA
2015-05-06 15:19:21 -07:00
ca796dd2fe
remove useless test stub
2015-05-05 15:37:04 -07:00
3fddff8dcf
further tests for VA, consistent sendError for verifyPOST in WFE
2015-05-05 15:31:53 -07:00
48296727e2
real errors
2015-05-05 14:38:29 -07:00
4b74a544c5
hacky fix so we don't require sudo
2015-05-05 14:34:25 -07:00
4fc3a1146e
VA tests, WFE tests, plus WFE NewRegistration empty payload fix
2015-05-04 18:43:18 -07:00
a77152e828
Rework Authority "New" methods to obtain AuditLogger from Singleton
...
- Also ran `go fmt` against these files I was touching anyway:
sa/storage-authority.go
va/validation-authority.go
wfe/web-front-end.go
2015-05-01 21:50:07 -07:00
d4aa8c6c78
Close connection after DVSNI.
2015-04-27 15:50:18 -07:00
66cb0fcefe
Fix format strings for serials and DVSNI.
2015-04-27 14:47:06 -07:00
9124b34b31
Improve Validation Authority
...
SimpleHTTPS works in both local test mode and live mode.
Don't keep alive SimpleHTTPS connections after verifying challenge.
2015-04-27 13:18:38 -07:00
e210f2c623
Fix live validation for SimpleHTTPS.
2015-04-24 19:20:58 -07:00
1065b14c9c
Add more logging to boulder.
2015-04-24 18:39:50 -07:00
b9c7efb9f8
Constant-time compare zName.
...
Fixes https://github.com/letsencrypt/boulder/issues/52 .
Note that this is probably not a vulnerability, since the value of zName is not
a secret from the subscriber. But better to eliminate this code smell.
2015-04-13 17:47:58 -04:00
5d155e209b
forgot to remove encoding/hex
2015-04-08 22:40:05 -07:00
f7e3df3f67
fix Z computation
2015-04-08 22:30:12 -07:00
84df10fd6e
Add empty tests where missing.
...
This will bring our coverage numbers down to a more meaningful number, and will
mean that we can start aiming to increase them monotonically.
2015-04-07 11:27:33 -07:00
ccbbeccb00
gofmt
2015-03-25 14:52:50 -07:00
5eac0cda09
Add a "TestMode" config option
...
This makes the same change as PR #59 , but allows test mode to be turned
back on with a config option.
2015-03-25 12:58:57 -07:00
33ac212b70
Add logging infrastructure to all authorities and commands
2015-03-24 19:06:11 -07:00
4e0aa900c9
Rebase 'lint-errcheck-fixes' of git://github.com/mvdan/boulder to letsencrypt/master
...
Conflicts:
cmd/boulder-start/main.go
core/interfaces.go
core/objects.go
core/util.go
ra/registration-authority.go
ra/registration-authority_test.go
rpc/rpc-wrappers.go
va/validation-authority.go
wfe/web-front-end.go
2015-03-20 18:01:03 -07:00
d938deb3fd
Separate resources for challenges [initial]
2015-03-14 19:07:16 -04:00
d66e581736
Replace Https by HTTPS as per golint
2015-03-12 12:21:40 +01:00
880821801e
hash.Hash.Write() never returns an error
2015-03-12 12:18:37 +01:00
37919058e5
Pulling out va module
2015-03-10 14:26:20 -07:00
Jakub Warmuz