letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,133 Commits 89 Branches 416 Tags 101 MiB
Commit Graph

1133 Commits

Author SHA1 Message Date
Richard Barnes de5c50739a Mostly fixed tests 2015-07-29 12:19:12 -04:00
Richard Barnes e60df240d8 Update DVSNI and DNS challenges 2015-07-29 12:19:12 -04:00
Richard Barnes eca5f1c123 Add new simpleHttp to integration test 2015-07-29 12:18:09 -04:00
Richard Barnes 4cac9da9fd Refactor simpleHttp challenge 2015-07-29 12:18:09 -04:00
Roland Shoemaker 27708be2c3 Merge pull request #532 from tomclegg/cname-nxdomain 
Fix authz always failing when CAA record is not present + fix CAA lookup algorithm per RFC
 2015-07-28 20:58:17 -07:00
Tom Clegg 4f177d34af Return actual rtt for nxdomain/nxrrset responses, not 0. 2015-07-28 23:28:19 -04:00
Jacob Hoffman-Andrews c2942367ca Merge pull request #524 from r0ro/fix-jwk-exponent-encoding 
Fix jwk exponent encoding
 2015-07-28 16:28:20 -07:00
Romain Fliedel 36cba96fb2 update tests after jwk encoding fix. 2015-07-28 16:25:30 +02:00
Romain Fliedel d115e5cb60 Resync with latest letsencrypt/go-jose to fix jwk encoding. 2015-07-28 16:25:30 +02:00
Tom Clegg 1993dc44c6 Allow DNS cache to follow CNAME/DNAME for us when looking up CAA. 
Only if the cache returns nothing for the CNAME query do we need to
look up CNAME/DNAME explicitly, in order to check CAAs on the parent
of the CNAME target rather than the parent of the original name.
 2015-07-27 22:10:44 -04:00
Tom Clegg 8ec9723166 Do not test CAA lookup behavior for "CNAME+CAA both exist." 2015-07-27 21:51:14 -04:00
Jacob Hoffman-Andrews c7549c2bcc Merge pull request #543 from letsencrypt/ocsp-first-update-fix 
Fix OCSP updating.
 2015-07-27 17:13:08 -07:00
Jacob Hoffman-Andrews 4e1051bfdc Fix OCSP updating. 
Fixes https://github.com/letsencrypt/boulder/issues/539.

Passes a pointer to tx.Update() in the SA, resolving the gorp error we were
previously receiving in UpdateOCSP.

Fixes CA code to properly receive the error from UpdateOCSP, so future errors
will be logged correctly.
 2015-07-27 16:40:04 -07:00
Roland Shoemaker 7198f9e166 Merge pull request #537 from letsencrypt/ocsp-fix-updater 
Change core.Certificate.DER to []byte.
 2015-07-26 15:03:11 -07:00
Jacob Hoffman-Andrews aef83a3d02 Change core.Certificate.DER to []byte. 
Fixes https://github.com/letsencrypt/boulder/issues/519.

The previous type, JSONBuffer, was triggering a subtle bug when scanning
multiple rows from MySQL.  Since this struct is not serialized as JOSE it
doesn't need to have the JSONBuffer type.

The test for this fix is blocked on
https://github.com/letsencrypt/boulder/issues/132, so I filed a separate issue
to follow up with a test:
https://github.com/letsencrypt/boulder/issues/536
 2015-07-26 01:34:02 -07:00
Tom Clegg a843772736 Follow CNAME and DNAME during CAA lookups, cf. RFC 6844. 2015-07-26 01:25:30 -04:00
Jacob Hoffman-Andrews 79b2204319 Merge pull request #533 from tomclegg/dedup-test-scripts 
De-duplicate start.py and test/amqp-integration-test.py
 2015-07-25 21:06:03 -07:00
Roland Shoemaker 713f7ea352 Merge pull request #528 from letsencrypt/remove_posts 
remove dead POST code in wfe.Certificate
 2015-07-25 16:23:25 -07:00
Tom Clegg 51a9fe51f1 Remove 100K-second max runtime, just run until ^C or server crash. 2015-07-25 18:20:09 -04:00
Tom Clegg 2914ba6af5 Fix "main process kept alive forever by ToSServerThread." 2015-07-25 18:17:02 -04:00
Jeff Hodges b0402d1880 add POST back to wfe Authz test 2015-07-25 14:16:57 -07:00
Tom Clegg e6ca449d34 Bring up a stub ToS server in test scripts. 2015-07-25 16:21:40 -04:00
Tom Clegg e871b30cbf Shut down everything if any server exits before ^C/timer. Fixup log messages. 2015-07-25 15:59:38 -04:00
Tom Clegg 43c738cc93 Set GORACE env var only in "go build", not everywhere. 2015-07-25 14:51:22 -04:00
Tom Clegg d30ea8a4b6 Distinguish between "lookup failed" and "CNAME does not exist" in LookupCNAME. 2015-07-25 05:47:15 -04:00
Tom Clegg de5cce8c03 De-duplicate start.py and test/amqp-integration-test.py 2015-07-25 04:04:20 -04:00
Roland Shoemaker eb3ef4c98c Merge pull request #509 from r0ro/missing-reg-link 
Add missing link headers for registration resource update.
 2015-07-24 18:26:24 -07:00
Jacob Hoffman-Andrews 048dfa9242 Merge pull request #526 from letsencrypt/go-jose-fork 
Switch to our own fork of go-jose
 2015-07-24 17:17:48 -07:00
Jacob Hoffman-Andrews 1564f1c1a3 Merge pull request #529 from letsencrypt/remove_pkcs11_tag 
remove pkcs11 tag for build and test scripts
 2015-07-24 16:53:39 -07:00
Jeff Hodges 0ea7b36b6a remove dead POST code in wfe.Certificate 
The Certificate endpoint (a.k.a. /acme/cert) had code that took POSTs
but always returned errors when they were hit.
 2015-07-24 16:46:49 -07:00
Jeff Hodges f61dad3856 correct README discussion of godep 2015-07-24 16:39:33 -07:00
Jeff Hodges cfcd6dfc88 remove pkcs11 tag for build and test scripts 
With #525 in place, we no longer need to worry about setting the pkcs11
tag everywhere.
 2015-07-24 16:33:05 -07:00
Jacob Hoffman-Andrews 9423467142 Switch to our own fork of go-jose. 
This is the result of `godep save -r ./...` and
`git rm -r -f Godeps/_workspace/src/github.com/square`

Our fork is currently at the head of go-jose when Richard made the local nonce
changes, with the nonce changes added on top. In other words, the newly created
files are exactly equal to the deleted files.

In a separate commit I will bring our own go-jose fork up to the remote head,
then update our deps.

Also note: Square's go-jose repo contains a `cipher` package. Since we don't
make any changes to that package, we leave it imported as-is.
 2015-07-24 14:39:00 -07:00
Jacob Hoffman-Andrews 620a012c62 Rewrite go-jose dependencies to our fork. 2015-07-24 14:16:01 -07:00
Roland Shoemaker 7f5da3b8bc Merge pull request #521 from letsencrypt/remove_v 
remove incorrect uses of %v, use specific verbs
 2015-07-24 13:00:29 -07:00
Jacob Hoffman-Andrews ec8d37eb21 Merge pull request #516 from letsencrypt/dns-config-refactor 
DNS config refactoring
 2015-07-24 12:57:28 -07:00
Jacob Hoffman-Andrews 8092b42dd6 Merge pull request #525 from letsencrypt/update-cfssl-nopkcs11 
Update cfssl to latest master.
 2015-07-24 11:56:51 -07:00
Jacob Hoffman-Andrews 194658f019 Update cfssl to latest master. 
This changes the default pkcs11 tag so pkcs11 is included by default.
This will let us remove -tags pkcs11 from our build scripts.
 2015-07-24 10:54:16 -07:00
Jeff Hodges 8975601d5e correct bodyStr->body 2015-07-23 17:41:15 -07:00
Jacob Hoffman-Andrews e1c1407aa8 Merge pull request #512 from letsencrypt/update-dns 
Update miekg/dns dependency
 2015-07-23 17:33:40 -07:00
Roland Shoemaker 3f129219dc Merge pull request #523 from letsencrypt/rm-mkcert 
Remove mkcert and mkcrl
 2015-07-23 17:22:05 -07:00
Jacob Hoffman-Andrews e3a62e12de Merge pull request #522 from letsencrypt/test_sh_comment 
fix first failure comment in test.sh
 2015-07-23 17:11:57 -07:00
Jacob Hoffman-Andrews 3a7635eb82 Merge pull request #513 from letsencrypt/fix-test-gofmt 
Fix gofmt test
 2015-07-23 17:10:18 -07:00
Jacob Hoffman-Andrews a7a92c67ca Merge pull request #510 from letsencrypt/log-csr 
Record initial application CSR.
 2015-07-23 17:09:39 -07:00
Jacob Hoffman-Andrews b082b552e4 Switch to \`go test ./...\` in test.sh 2015-07-23 16:59:41 -07:00
Jacob Hoffman-Andrews fb1d55245f Remove mkcrl and mkroot. 
These fail tests. Removing them allows us to run tests with
go test -tags pkcs11 ./...
 2015-07-23 16:56:51 -07:00
Jeff Hodges 77418e28d3 fix first failure comment in test.sh 
A better fix might be to fail earlier on when, say, go vet fails.
 2015-07-23 15:26:44 -07:00
Jacob Hoffman-Andrews d8ffa41d67 Remove backup logging in case of error. 
AuditObject already does this for us.
 2015-07-23 13:24:57 -07:00
Roland Shoemaker 9d02c1afad Merge pull request #518 from jcjones/rpm_build 
Support RPM builds for those who want them.
 2015-07-23 13:00:54 -07:00
J.C. Jones 79415f3fd1 Support RPM builds for those who want them. 2015-07-23 11:41:52 -07:00