This is the result of `godep save -r ./...` and
`git rm -r -f Godeps/_workspace/src/github.com/square`
Our fork is currently at the head of go-jose when Richard made the local nonce
changes, with the nonce changes added on top. In other words, the newly created
files are exactly equal to the deleted files.
In a separate commit I will bring our own go-jose fork up to the remote head,
then update our deps.
Also note: Square's go-jose repo contains a `cipher` package. Since we don't
make any changes to that package, we leave it imported as-is.
This approach performs a best-effort generation of the first OCSP response during
certificate issuance. In the event that OCSP generation fails, it logs a warning at
the Boulder-CA console, but returns successfully since the Certificate was itself
issued.
- While testing PKCS11 support, caused an error in signing that provoked an empty OCSP response to be saved to the DB
- In fact, the response saved was 726573706F6E7365 which, in ASCII, is "response"
- Fix typo in GenerateOCSP at the same time
Previously an issuance failure would bubble up empty cert responses from
CA->RA->WFE, which would generate confusing "asn1 truncated sequence" errors.
Now we get an error indicating the RPC failed.
- NewPendingAuthorization now uses a core.Authorization object, so
that foreign key constraints are followed
- core.Authorization now serializes RegistrationID to JSON, so it has to get
blanked out in WFE before transmission to client.
- Remove ParsedCertificate from core.Certificate, as type x509.Certificate cannot
be marshaled.
- Added AssertDeepEquals and AssertMarhsaledEquals to test-tools.go
- Caught several overloaded and misleadingly named errors in WFE
- Implement MethodUpdateRegistration
- Add error logging to a lot of places it was missing
- Consolidate RevokeCertificate; we're doing it elsewhere anyway
- Fix erronous returns on RPC failures in several places
- Fix a bunch of typos in rpc-wrappers.go
- Unblank `id` in core.Registration JSON:
- It's not spec, but it's not hurting anything, and we reveal it to clients anyway.
- We need knowledge of the ID in RPC, so if we don't want to include this in the object, we need to make a transfer object to wrap it.
- Make the RPC logs much clearer as to who's talking to who
- Typo in WFE where we called a registration an authz
- Move dbMap construction and type converter into individual files in the sa package.
- Add DB configuration for the OCSP tool to the boulder config:
- left to the user if they want to use different boulder-config.json files
for different purposes.
- Added updater to Makefile
- Fix trailing ',' in the Boulder config, add more panic logging
- Ignore .pem files produced by the integration test
- Change RPC to use per-instance named reply-to queues.
- Finish OCSP Updater logic
- Rework RPC for OCSP to use a transfer object (due to serialization problems of x509.Certificate)
- Move setting the core.Registration.Key field from RA.NewRegistration to
WFE.NewRegistration to avoid a chicken-and-egg problem.
- Note: I kept the RPC wrapper object even though it now only has one field.
Seems like it's a good practice to use wrapper objects, even though we don't
everywhere.
- Auditing for general errors in executables
- Auditing for improper messages received by WFE
- Automatic audit wlogging of software errors
- Audit logging for mis-routed messages
- Audit logging for certificate requests
- Auditing for improper messages received by WFE
- Add audit events table
- Expect more details in TestRegistration in web-front-end_test.go
- Remove "extra" debug details from web-front-end.go per Issue #174
- Improve test coverage of web-front-end.go
- WFE audit updates for revocation support rebase
- Add audit messages to RPC for Improper Messages and Error Conditions
- Also note misrouted messages
Jacob Hoffman-Andrews
J.C. Jones
Roland Shoemaker
Richard Barnes
James 'J.C.' Jones