letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
boulder/ca
History
Aaron Gable 7f49867ae9
Truncate ocsp thisUpdate to the minute, not the hour (#7191) 
Truncating to the hour does not provide any meaningful protection
against signature preimage attacks, and can cause the thisUpdate and
producedAt fields to differ by up to 59 minutes from each other.
Instead, truncate to the minute, to match how x/crypto/ocsp sets the
producedAt field.

Fixes https://github.com/letsencrypt/boulder/issues/7190
 		2023-12-08 11:48:14 -08:00
..
proto Finish migration from int64 timestamps to timestamppb (#7142) 2023-11-27 13:37:31 -08:00
testdata Deprecate 10 feature flags (#6502) 2022-11-14 09:24:50 -08:00
ca.go Finish migration from int64 timestamps to timestamppb (#7142) 2023-11-27 13:37:31 -08:00
ca_test.go Remove config live reloader package (#7112) 2023-10-26 16:06:31 -04:00
crl.go Finish migration from int64 timestamps to timestamppb (#7142) 2023-11-27 13:37:31 -08:00
crl_test.go Finish migration from int64 timestamps to timestamppb (#7142) 2023-11-27 13:37:31 -08:00
ecdsa_allow_list.go Remove config live reloader package (#7112) 2023-10-26 16:06:31 -04:00
ecdsa_allow_list_test.go Remove config live reloader package (#7112) 2023-10-26 16:06:31 -04:00
ocsp.go Truncate ocsp thisUpdate to the minute, not the hour (#7191) 2023-12-08 11:48:14 -08:00
ocsp_test.go ca: remove orphan queue code (#7025) 2023-08-02 16:04:28 -07:00