In order to provide the correct issuer certificate for older certificates after an issuer certificate rollover or when using multiple issuer certificates (e.g. RSA and ECDSA), use the AIA CA Issuer URL embedded in the certificate for the rel="up" link served by WFE. This behaviour is gated behind the UseAIAIssuerURL feature, which defaults to false. To prevent MitM vulnerabilities in cases where the AIA URL is HTTP-only, it is upgraded to HTTPS. This also adds a test for the issuer URL returned by the /acme/cert endpoint. wfe/test/178.{crt,key} were regenerated to add the AIA extension required to pass the test. /acme/cert was changed to return an absolute URL to the issuer endpoint (making it consistent with /acme/new-cert). Fixes #1663 Based on #1780
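The selection logic the commit describes, as an added Go example that is not Boulder's own code: when the UseAIAIssuerURL feature is on and the certificate carries an AIA CA Issuers entry, that URL becomes the rel="up" target, with http:// upgraded to https://; otherwise the configured issuer URL is used. The self-signed certificate, its serial number and the URLs are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/url"
)

// IssuerLinkURL picks the rel="up" URL: first AIA CA Issuers entry when useAIA is set, else fallback.
func IssuerLinkURL(cert *x509.Certificate, useAIA bool, fallback string) (string, error) {
	if !useAIA || len(cert.IssuingCertificateURL) == 0 {
		return fallback, nil
	}
	u, err := url.Parse(cert.IssuingCertificateURL[0])
	if err != nil {
		return "", err
	}
	if u.Scheme == "http" {
		u.Scheme = "https" // never hand the client a plaintext fetch of the issuer
	}
	if u.Scheme != "https" {
		return "", fmt.Errorf("unsupported AIA issuer URL scheme %q", u.Scheme)
	}
	return u.String(), nil
}

// selfSignedWithAIA builds a constructed, throwaway certificate whose AIA extension carries aia.
func selfSignedWithAIA(aia string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(178), IssuingCertificateURL: []string{aia}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := selfSignedWithAIA("http://127.0.0.1:4000/acme/issuer-cert") // constructed URL
	if err != nil {
		panic(err)
	}
	fmt.Println(IssuerLinkURL(cert, true, "https://127.0.0.1:4000/acme/issuer-cert"))
}
```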