Commit Graph

566 Commits

Author SHA1 Message Date
Kane York df6bb5126a Set the mysql logger in shell.go/StatsAndLogging()
Fixes #1507
2016-02-22 16:15:08 -08:00
Jacob Hoffman-Andrews 9dcd6e3e3e Add config flag to enable must staple.
This ensures we don't try to pass the must staple extension to CFSSL until we've
also enabled it in AllowedExtensions in our CFSSL profile.
2016-02-19 14:52:23 -08:00
Jessica Frazelle 7955e268c7 go lint fixes
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-02-17 11:36:06 -08:00
Jessica Frazelle 3df2e942be go fmt fixes
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-02-16 12:19:15 -08:00
Jeff Hodges 1498381e76 issue without a CommonName if not given one
It's behind a new temporary config flag.

Also, check if the CN is over 64 bytes.

This also makes sure the certificate's Subject is not empty if the CN is
empty by always setting the SerialNumber in Subject.

While I was here, I also corrected the logged hex encoding of
SerialNumber so that it's prefixed by zeroes correctly. See the use of
core.SerialToString in IssueCertificate.

I also added a test for the no CommonName and no SANs case.

Fixes #40
2016-02-12 11:49:16 -08:00
Jacob Hoffman-Andrews 0fda27e15a Remove checking of ocspResponses table.
We now use the certificateStatus table.
2016-02-09 10:36:41 -08:00
Jeff Hodges 57b6dd5bb5 make HTTPMonitor a http.Handler 2016-02-01 22:01:21 -08:00
Jeff Hodges c156f99106 ocsp-responder: 200 on GET /
Some stat services, we believe, are saying the ocsp-responder is down
because / returns 400 Bad Request currently.

Shuffle some code into a new `mux` function to make it easier to test.
2016-02-01 20:03:45 -08:00
Roland Shoemaker c3a6a837a4 Merge branch 'master' into more-revoker 2016-02-01 15:38:05 -08:00
Jeff Hodges 8e8161f94b dedup emails sent to same reg in given batch
This deduplicates the certificate expiration emails sent to a given
registration in a given batch defined by the Mailer.CertLimit option.

Fixes #1358.
2016-01-27 20:39:52 -08:00
Roland Shoemaker 7ea91448e4 Merge branch 'master' into more-revoker 2016-01-27 13:51:36 -08:00
Jeff Hodges 6233be1ff0 Merge branch 'master' into smtp-secret 2016-01-27 11:00:55 -08:00
Roland Shoemaker 184b0b06bb Merge branch 'smtp-secret' of github.com:letsencrypt/boulder into smtp-secret 2016-01-26 15:48:33 -08:00
Roland Shoemaker b92d1b7ca9 Move test_secret file 2016-01-26 15:48:16 -08:00
Roland Shoemaker 29127d5779 Add tool to find orphaned certificates in boulder-ca logs 2016-01-26 15:43:23 -08:00
Jeff Hodges 49917cd3a2 Merge branch 'master' into smtp-secret 2016-01-26 15:37:51 -08:00
Jacob Hoffman-Andrews ad5ac41d67 Add email templates to RPM.
Also add a test that templates compile and run with current code.
2016-01-25 16:40:58 -08:00
Roland Shoemaker d1428e164e Add basic test 2016-01-25 11:47:30 -08:00
Roland Shoemaker f02864fb7e Read SMTP password from file 2016-01-24 15:35:04 -08:00
Hugo Landau f49028107e Allow CFSSL profiles to be selected by key type
Allows multiple CFSSL profiles to be defined. A profile is selected by
key type. ECDSA keys get one profile, RSA keys get another.

Either the "profile" config option or the "rsaProfile" and
"ecdsaProfile" config options must be specified. Both cannot be
specified. Specifying "profile" uses the same profile for RSA and ECDSA.

Fixes #1384
2016-01-22 11:00:41 +00:00
Roland Shoemaker 199e0f6e8d Review fixes 2016-01-15 13:51:14 -08:00
Roland Shoemaker 11661bab9e Merge branch 'master' into more-revoker 2016-01-15 13:41:55 -08:00
Jacob Hoffman-Andrews 6d33280249 Add default value for KeyPolicy.
This maintains our deployability guidelines, so the latest Boulder can be run
with the previous version of the config.
2016-01-12 12:14:36 -08:00
Roland Shoemaker a77c8e3d5b Switch to single RevokeAuthorizationsByDomain SA method 2016-01-12 11:49:51 -08:00
Jacob Hoffman-Andrews 556afa3547 Reuse a single connection to SMTP server.
Also, add a Subject config field and use TLS-wrapped SMTP if appropriate.
2016-01-11 15:51:54 -08:00
Roland Shoemaker cbdf0444b6 review fixes 2016-01-08 16:21:12 -08:00
Jeff Hodges 502aea76db Merge branch 'master' into mail-from 2016-01-07 15:13:42 -08:00
Jacob Hoffman-Andrews 945b727478 Parse from address to make sure it's valid. 2016-01-07 14:49:13 -08:00
Hugo Landau f218e314f8 Add good key testing for ECDSA. 2016-01-07 22:48:38 +00:00
Roland Bracewell Shoemaker 21f20b1430 Merge branch 'master' into delete_ca_revokecertificate 2016-01-07 12:34:39 -08:00
Jacob Hoffman-Andrews b61c2a7e3a Add a From field to mailer config.
Fixes #1351.
2016-01-07 12:24:51 -08:00
Roland Shoemaker c0a1d4494e Merge branch 'more-revoker' of github.com:letsencrypt/boulder into more-revoker 2016-01-06 17:36:52 -08:00
Roland Shoemaker 8173debeaa Review fixes 2016-01-06 17:36:34 -08:00
Roland Shoemaker 7e6a9ef562 Merge branch 'master' into mailer-fixes 2016-01-06 15:10:12 -08:00
Jeff Hodges f6473efcc2 delete ca.RevokeCertificate
Also, delete the unused core.CertificateAuthorityDatabase while we're
here.

Fixes #1319
2016-01-04 23:59:21 -08:00
Jeff Hodges 9913eb61ba Merge branch 'master' into more-revoker 2016-01-04 17:02:51 -08:00
Jeff Hodges adbbbec962 Merge branch 'master' into retry_dns 2016-01-04 16:38:27 -08:00
Alex Gaynor cbeffe96a6 Fixed a bunch of typos 2016-01-04 18:39:34 -05:00
Jeff Hodges 116ce96326 add retries and context deadlines to DNSResolver
This provides a means to add retries to DNS lookups, and, with some
future work, end retries early if our request deadline is blown. That
future work is tagged with #1292.

Updates #1258
2016-01-04 14:59:10 -08:00
Roland Shoemaker cb846d2e41 Actually add command to admin-revoker 2016-01-04 11:48:54 -08:00
Roland Shoemaker 6eb9c87dcb Add RPC to get all authorizations for a domain 2016-01-04 10:56:27 -08:00
Roland Shoemaker 4c47b2aa75 Add RevokeAuthorization RPC method 2015-12-31 16:13:06 +00:00
Roland Shoemaker aacafb7ff5 Add unit test 2015-12-29 20:50:26 +00:00
Roland Shoemaker eb52f02d06 Make expiration mailer RFC 822 compliant (and satisfy SpamAssassin) 2015-12-29 11:54:05 +00:00
Jeff Hodges e36895c9c5 bring RTT metrics inside DNSResolver
This moves the RTT metrics calculation inside of the DNSResolver. This
cleans up code in the RA and VA and makes some adding retries to the
DNSResolver less ugly to do.

Note: this will put `Rate` and `RTT` after the name of DNS query
type (`A`, `MX`, etc.). I think that's fine and desirable. We aren't
using this data in alerts or many dashboards, yet, so a flag day is
okay.

Fixes #1124
2015-12-16 17:41:42 -08:00
Roland Bracewell Shoemaker 982f8fe102 Merge branch 'master' into move_dns 2015-12-14 16:00:47 -08:00
Roland Shoemaker 3197177acf Merge branch 'master' into caa-integration 2015-12-14 12:07:45 -08:00
Jeff Hodges b31165444f move dns code to dns pkg and rename to bdns
Moves the DNS code from core to dns and renames the dns package to bdns
to be clearer.

Fixes #1260 and will be good to have while we add retries and such.
2015-12-14 11:21:43 -08:00
Jeff Hodges 8300b06ad6 Merge branch 'master' into delete_old_challenges 2015-12-10 23:04:00 -08:00
Jacob Hoffman-Andrews 720afe5573 Merge branch 'master' into activity-monitor-bind 2015-12-10 18:21:29 -08:00