Commit Graph

61 Commits

Author SHA1 Message Date
Jeff Hodges 2746260194 update cfssl mostly for the Subject.SerialName
Resolves a blocker for #1477
2016-02-10 17:14:41 -08:00
Ricardo Padilha ad7e2cc5fe Merge branch 'master' into master 2016-02-10 12:46:53 -02:00
Hugo Landau d21f6e3d21 Update vendorized cfssl (OCSP extension support)
Since CFSSL now supports OCSP extensions, it should be updated in
preparation for OCSP SCT stapling. Also updates CFSSL dependency
golang.org/x/crypto, including golang.org/x/crypto/ocsp.

Mocks updated to reflect interface change in cfssl.
2016-02-07 12:14:59 +00:00
Ricardo Padilha 68bcee105c publicsuffix: update table to latest list from publicsuffix.org on 2016-01-30
This update comes from this lineage:

- https://github.com/publicsuffix/list:
  24caf4f72bf42a87559685e7211796c94855a90c
- https://go-review.googlesource.com/#/c/19140/:
  6c581b96a7d38dd755f986fcf4f29665597694c0
- https://github.com/letsencrypt/net:
  7eb31e4ef6d2609d3ef5597cbc65cb68c8027f62

Changelog:
- Godeps.json: replaced commit id with 7eb31e4
- _workspace/src/...suffix/table.go: copied from letsencrypt/net@7eb31e4
2016-02-04 08:08:24 -08:00
Marcin Walas 77b771c81e Update publicsuffix dependency 2016-01-21 10:45:12 +01:00
Brett Hoerner 3d7413ae41 Fix invalid Godeps.json 2016-01-11 09:08:17 -06:00
Jeff Hodges 116ce96326 add retries and context deadlines to DNSResolver
This provides a means to add retries to DNS look ups, and, with some
future work, end retries early if our request deadline is blown. That
future work is tagged with #1292.

Updates #1258
2016-01-04 14:59:10 -08:00
Jacob Hoffman-Andrews 8eb6dbae98 Update cfssl to e32101.
Ran tests with:

cd $GOPATH/src/github.com/cloudflare/cfssl
go test ./...

All tests passed.
2016-01-04 14:16:52 -08:00
Jeff Hodges bce554a270 correct publicsuffix import in RA
And remove the incorrectly vendorized code from Godeps.
2015-12-17 12:59:15 -08:00
Jacob Hoffman-Andrews bfd2b075fb Update publicsuffix to latest master. 2015-12-11 11:14:27 -08:00
Jeff Hodges 073121f724 update letsencrypt/go-safe-browsing-api
This should reduce our timeout problem in the VA by not locking out
IsListed requests while the GSB file IO and looping is occurring. These
changes came in at
https://github.com/letsencrypt/go-safe-browsing-api/pull/2 (also added
to the upstream at
https://github.com/rjohnsondev/go-safe-browsing-api/pull/15).

Fixes #1253
2015-12-10 14:44:25 -08:00
Jacob Hoffman-Andrews f008c46a77 Run godep update and godep save -r.
Also, remove cache-control code from ocsp-responder, since caching headers are
now handled in cfssl.
2015-11-20 16:48:43 -08:00
Jacob Hoffman-Andrews cb2f7bc057 Update cfssl to latest master.
Pulls in:

Omit empty qualifiers in Certificate Policies. cloudflare/cfssl#431
Set caching headers in OCSP responder cloudflare/cfssl#425
Remove extraneous debugging statement. cloudflare/cfssl#423
2015-11-20 14:06:15 -08:00
Jacob Hoffman-Andrews 47e502bf35 Update miekg/dns to latest master.
Fixes https://github.com/letsencrypt/boulder/issues/1176
2015-11-20 10:35:29 -08:00
Richard Barnes 604f629957 Update to latest go-jose 2015-11-18 21:37:33 -08:00
Richard Barnes 8f6a95f9a8 Update go-jose 2015-11-17 13:50:17 -08:00
Jeff Hodges 7bd22352ba fix le fork of go-jose again 2015-11-13 14:48:05 -08:00
Jeff Hodges d84f2e3c32 add Godeps for Google Safe Browsing PR
This is for making PR #1093 smaller.

Updates #1058
2015-11-05 17:27:55 -08:00
Jeff Hodges bb27f3baee godep update github.com/letsencrypt/go-jose
This is like #1103 which was for #1058.

It includes the deletion of test files owing to tools/godep/312 but is
fine since we don't use them.
2015-11-05 16:43:15 -08:00
Jacob Hoffman-Andrews 040e617807 Fix sha1's for vendorized CFSSL deps.
Previously our Godeps listed a sha1 that pointed at a merge commit existing only
on the Let's Encrypt fork of CFSSL, making it impossible to do a godep save if
you didn't have a copy of that fork available out in
$GOPATH/src/github.com/cloudflare/cfssl (e.g. via multiple remotes).

This change updates that sha1 to the corresponding merge commit that exists in
the upstream CFSSL.
2015-11-05 15:46:18 -08:00
Jacob Hoffman-Andrews 7f80c07e58 Update publicsuffix to latest.
Fixes https://github.com/letsencrypt/boulder/issues/1090
Part of https://github.com/letsencrypt/boulder/issues/1058
2015-11-04 16:46:46 -08:00
Jacob Hoffman-Andrews 194e421931 Add reconnects in AMQP. 2015-10-27 19:54:54 -07:00
Jacob Hoffman-Andrews 734b85ecd1 Update publicsuffix to latest.
Pulls in https://github.com/letsencrypt/net/pull/2,
which fixes https://github.com/letsencrypt/boulder/issues/1010.

Updating vendorized deps means running tests. I ran this and it passed:

cd ~/go/packages/src/github.com/letsencrypt/net/
go test ./publicsuffix/
2015-10-20 12:37:31 -07:00
Jacob Hoffman-Andrews a95c300d8b Switch to using publicsuffix package.
This has two advantages:
- Fixes #901
- Reduces number of allocations and copies for methods that used the previous
  public suffix code.
2015-10-12 16:32:35 -07:00
Jacob Hoffman-Andrews 903f39508e Vendorize publicsuffix. 2015-10-04 21:04:29 -07:00
Roland Shoemaker 2d0dee4ce1 Daemonize the OCSP updater tool so we are constantly updating OCSP responses.
Also moves the first OCSP responses generation from the CA to the OCSP updater. This patch lays the
groundwork for moving CT submission and adding CT backfill to the OCSP updater.
2015-10-01 16:36:51 -07:00
Jeff Hodges 7a3d5ebb26 Merge branch 'master' into update-cfssl 2015-10-01 15:41:27 -07:00
Jacob Hoffman-Andrews 1975e417e0 Update CFSSL.
This pulls in a few cfssl upstream fixes:

cloudflare/cfssl#347: Fix CKA_ALWAYS_AUTHENTICATE check
cloudflare/cfssl#344: Allow client to specify full serial.
cloudflare/cfssl#340: OCSP doesn't include CA when unnecessary.

This also updates boulder-ca to use the new full-serial API in CFSSL.

I have run tests for cfssl and they pass:

cd ~/go/packages/src/github.com/cloudflare/cfssl/
go test ./...
2015-10-01 13:45:59 -07:00
Roland Shoemaker 6f41cc9e39 Add issuance rate limiting based on total number of certificates issued in a window
Since the issuance count requires a full table scan, an RA process-local cache of the
count is kept and expired after 30 minutes.
2015-09-24 12:54:38 -07:00
Roland Shoemaker 91724296a8 Use Facebook's gracefully shutting down HTTP server for WFE & OCSP-Responder 2015-09-21 20:43:38 -07:00
Jacob Hoffman-Andrews d05b9b833f Update cfssl to latest master.
This pulls in the pkcs11key change from
https://github.com/cloudflare/cfssl/pull/330, and updates the Boulder code to
match.

Note: This change overwrites the local changes to our vendored CFSSL made in
https://github.com/letsencrypt/boulder/pull/784. That's intentional: The
upstream changes in https://github.com/cloudflare/cfssl/pull/330 accomplish the
same thing, more cleanly.
2015-09-20 20:44:44 -07:00
Richard Barnes 6391112f42 godep update golang.org/x/crypto/ocsp 2015-08-29 15:04:44 -04:00
Roland Shoemaker 98ac983df2 Vendor jmhodges/clock 2015-08-28 13:02:35 -07:00
Jacob Hoffman-Andrews 0e0f709cfe Update CFSSL.
This pulls in https://github.com/cloudflare/cfssl/pull/312, which fixes a bug
that was causing us to generate not-yet-valid OCSP.
2015-08-19 22:05:05 -07:00
Jeff Hodges f7ebed875c update github.com/miekg/dns
This is needed for the race condition that errors in our test suite on
Go 1.5rc1 that was fixed in https://github.com/miekg/dns/pull/245
2015-08-13 14:50:58 -07:00
Richard Barnes 4aef1ad2fb godep update golang.org/x/crypto/ocsp 2015-08-12 08:52:55 -07:00
Richard Barnes 48e6f45bf5 Updating go-jose to address panics 2015-07-30 13:45:19 -04:00
Richard Barnes 76a2e15958 Godep refresh after landing changes in github.com/letsencrypt/go-jose 2015-07-29 13:56:49 -04:00
Romain Fliedel d115e5cb60 Resync with latest letsencrypt/go-jose to fix jwk encoding. 2015-07-28 16:25:30 +02:00
Jacob Hoffman-Andrews 9423467142 Switch to our own fork of go-jose.
This is the result of `godep save -r ./...` and
`git rm -r -f Godeps/_workspace/src/github.com/square`

Our fork is currently at the head of go-jose when Richard made the local nonce
changes, with the nonce changes added on top. In other words, the newly created
files are exactly equal to the deleted files.

In a separate commit I will bring our own go-jose fork up to the remote head,
then update our deps.

Also note: Square's go-jose repo contains a `cipher` package. Since we don't
make any changes to that package, we leave it imported as-is.
2015-07-24 14:39:00 -07:00
Jacob Hoffman-Andrews 8092b42dd6 Merge pull request #525 from letsencrypt/update-cfssl-nopkcs11
Update cfssl to latest master.
2015-07-24 11:56:51 -07:00
Jacob Hoffman-Andrews 194658f019 Update cfssl to latest master.
This changes the default pkcs11 tag so pkcs11 is included by default.
This will let us remove -tags pkcs11 from our build scripts.
2015-07-24 10:54:16 -07:00
Roland Shoemaker 5b019f5ea8 Update miekg/dns dependency 2015-07-22 12:37:50 -07:00
Jacob Hoffman-Andrews dd19f0a529 Update cfssl to latest master.
Picks up fix for specifying User Notice policy qualifier.
Specify user notice in test configs.
2015-07-02 19:36:50 -07:00
Roland Shoemaker d462d0af43 Purge CAA parsing code, update miekg/dns dep 2015-06-19 18:53:00 +01:00
Jacob Hoffman-Andrews 05f04709e9 Update cfssl dependency to latest master
Also, remove dependency on cfssl CLI binary, and transitive dependency cf-tls.
These are no longer necessary now that we use the local signer. And the cf-tls
dependency had drifted out of date, causing build issues when I updated cfssl to
master.
2015-06-17 09:26:52 -07:00
Roland Shoemaker 0265b6f5d0 Merge upstream/master and fix conflicts 2015-06-10 12:43:11 -07:00
Jacob Hoffman-Andrews d80d301447 Update latest CFSSL to pick up OCSP config. 2015-06-03 16:51:23 -07:00
Richard Barnes c433da1a6f Properly updating this time 2015-05-30 12:09:06 -04:00
Roland Shoemaker b2f1dd82b6 vendor miekg/dns dependency 2015-05-27 20:49:58 +01:00