Jacob Hoffman-Andrews

icon indicating a website link https://jacob.hoffman-andrews.com/ icon indicating an email [email protected]

icon location EFF staffer working on @letsencrypt and other open source projects.

Results 272 issues of Jacob Hoffman-Andrews

Review metrics overall for excessive cardinality

Database performance improvements for bad-key-revoker

This allows the bad-key-revoker to do most of its work against a read-only replica. The only thing it needs a writable database for is `UPDATE blockedKeys SET extantCertificatesChecked = true...

Increment stat on failure to get CT log info

2 comment

If there's an error getting info for a CT log, we can hit this error case: https://github.com/letsencrypt/boulder/blob/4205400a98c8285cccd478cb99e044d75f48e36d/ctpolicy/ctpolicy.go#L96-L100 This can happen, for instance, if we need to write to a temporal...

Send email notifications when a new account issues for an FQDN you've previously issued for

1 comment

If account _A_ regularly issues for FQDN _N_, and then account _B_ issues for _N_, we'd like for account _A_ to get an email notification. Most of the time this...

Use structured database for audit logs

Right now we use syslog to process our audit logs, and store them on disk as unstructured log lines. It would be nice to store them in structured DB tables...

Implement account pausing

As discussed in https://community.letsencrypt.org/t/possible-new-feature-paused-acme-accounts/148364, it's desirable to turn off accounts that have been sending failed orders, and no good orders, for a long time. This ticket tracks the necessary work....

Fix deprecation warnings for subjects() in tests

5 comment

Followup to https://github.com/rustls/rustls/pull/1064#issuecomment-1168462184

Adding more Debug implementations

3 comment

According to the Rust API Guidelines: > [All public types implement Debug (C-DEBUG)](https://rust-lang.github.io/api-guidelines/debuggability.html#all-public-types-implement-debug-c-debug) > If there are exceptions, they are rare. (One notable exception here: we must make sure Debug...

verify: end entity certificate is parsed twice

3 comment

When verifying a handshake, webpki::EndEntityCert::try_from is called twice: https://github.com/rustls/rustls/blob/2673750e0f718656708129f58c93771d9dcc7172/rustls/src/verify.rs#L483 https://github.com/rustls/rustls/blob/2673750e0f718656708129f58c93771d9dcc7172/rustls/src/verify.rs#L744 This is inherent to the API: ``` fn verify_server_cert( &self, end_entity: &Certificate, intermediates: &[Certificate], server_name: &ServerName, scts: &mut dyn Iterator,...

documentation links to `internals` for enums

4 comment

At https://docs.rs/rustls/latest/rustls/server/struct.ClientHello.html#method.signature_schemes, the `SignatureScheme` type links to [rustls::internal::msgs::enums::SignatureScheme](https://docs.rs/rustls/0.20.4/rustls/internal/msgs/enums/enum.SignatureScheme.html). This is the same type as [rustls::SignatureScheme](https://docs.rs/rustls/0.20.4/rustls/enum.SignatureScheme.html), but exported under a different name. The `internals` version of this name is exported here:...