In https://github.com/letsencrypt/boulder/pull/7005 several safety checks were added to the `ceremony` tool:

This change extracts the `RawSubject` to `RawIssuer` DER byte comparison into the `//linter` package proper so that it can serve both `//ca` and `//cmd/ceremony`.

Adds a helper function `verifyTBSCertificateDeterminism` to `//ca` similar to an existing check in `//cmd/ceremony`. This code is not shared because we want `//cmd/ceremony` to largely stand alone from boulder proper. The helper performs a byte comparison on the `RawTBSCertificate` DER bytes for a given linting certificate and leaf certificate. The goal is to verify that `x509.CreateCertificate` was deterministic and produced identical DER bytes after each signing operation.

Fixes https://github.com/letsencrypt/boulder/issues/6965
| Name |
|---|
| .. |
| lints |
| linter.go |
| linter_test.go |