boulder/cmd
Roland Bracewell Shoemaker c5f99453a9 Switch CT submission RPC from CA -> RA (#2304)
With the current gRPC design the CA talks directly to the Publisher when calling SubmitToCT which crosses security boundaries (secure internal segment -> internet facing segment) which is dangerous if (however unlikely) the Publisher is compromised and there is a gRPC exploit that allows memory corruption on the caller end of an RPC which could expose sensitive information or cause arbitrary issuance.

Instead we move the RPC call to the RA which is in a less sensitive network segment. Switching the call site from the CA -> RA is gated on adding the gRPC PublisherService object to the RA config.

Fixes #2202.
2016-11-08 11:39:02 -08:00
..
admin-revoker Reverts pending auth/authz table merge. (#2297) 2016-10-31 10:31:19 -07:00
boulder-ca Switch CT submission RPC from CA -> RA (#2304) 2016-11-08 11:39:02 -08:00
boulder-publisher Don't start DebugServer until server's ready. (#2271) 2016-10-21 16:57:14 -04:00
boulder-ra Switch CT submission RPC from CA -> RA (#2304) 2016-11-08 11:39:02 -08:00
boulder-sa Don't start DebugServer until server's ready. (#2271) 2016-10-21 16:57:14 -04:00
boulder-va Don't start DebugServer until server's ready. (#2271) 2016-10-21 16:57:14 -04:00
boulder-wfe Don't start DebugServer until server's ready. (#2271) 2016-10-21 16:57:14 -04:00
caa-checker Implements client whitelisting for gRPC. (#2307) 2016-11-08 13:57:34 -05:00
cert-checker Set feature flags in cert-checker (#2273) 2016-10-23 10:46:43 -07:00
contact-exporter Updates `go-jose` dep to v1.1.0 (#2314) 2016-11-08 13:56:50 -05:00
expiration-mailer Updates `go-jose` dep to v1.1.0 (#2314) 2016-11-08 13:56:50 -05:00
expired-authz-purger Reverts pending auth/authz table merge. (#2297) 2016-10-31 10:31:19 -07:00
notafter-backfill Adds `notafter-backfiller` cmd. (#2227) 2016-10-11 14:38:40 -07:00
notify-mailer Mailer reliability improvements (#2262) 2016-10-20 14:10:47 -04:00
ocsp-responder Don't start DebugServer until server's ready. (#2271) 2016-10-21 16:57:14 -04:00
ocsp-updater Don't start DebugServer until server's ready. (#2271) 2016-10-21 16:57:14 -04:00
orphan-finder Remove direct usages of go-statsd-client in favor of using metrics.Scope (#2136) 2016-09-07 19:35:13 -04:00
rabbitmq-setup Remove all stray copyright headers and appends the initial line to LICENSE.txt (#1853) 2016-05-31 12:32:04 -07:00
single-ocsp Improve single-ocsp command (#2181) 2016-09-15 15:28:54 -07:00
testdata Change `DBConfig`'s `URL` func to strip whitespace. (#2045) 2016-07-13 13:35:32 -07:00
clock_generic.go Switch to new vendor style (#1747) 2016-04-18 12:51:36 -07:00
clock_integration.go Switch to new vendor style (#1747) 2016-04-18 12:51:36 -07:00
config.go Switch CT submission RPC from CA -> RA (#2304) 2016-11-08 11:39:02 -08:00
config_test.go Change `DBConfig`'s `URL` func to strip whitespace. (#2045) 2016-07-13 13:35:32 -07:00
shell.go Add prometheus client. (#2293) 2016-10-28 16:13:41 -07:00
shell_test.go delete old challenge code 2015-12-10 15:41:40 -08:00