boulder

boulder copied to clipboard

jsha

An [incident from earlier this year](https://bugzilla.mozilla.org/show_bug.cgi?id=1705419) drives home the fact that no certificate linting library is perfect, and that simply counting on one library to enforce all requirements still provides...

aarongable

- Automates the existing release process - Automates the emergency release process - Automates the break-glass (github is hard down) release process: - Produce file containing the contents of a...

beautifulentropy

```go func checkJWSAuthType(jws *jose.JSONWebSignature) (jwsAuthType, *probs.ProblemDetails) { // checkJWSAuthType is called after parseJWS() which defends against the // incorrect number of signatures. header := jws.Signatures[0].Header ``` This is an anti-pattern:...

aarongable

- Make it a struct in SA - Use reflect to create a method that returns the fields in slice - Use the above method to validate that core.CertificateStatus is...

beautifulentropy

This allows the bad-key-revoker to do most of its work against a read-only replica. The only thing it needs a writable database for is `UPDATE blockedKeys SET extantCertificatesChecked = true...

jsha

Increment stat on failure to get CT log info

2

If there's an error getting info for a CT log, we can hit this error case: https://github.com/letsencrypt/boulder/blob/4205400a98c8285cccd478cb99e044d75f48e36d/ctpolicy/ctpolicy.go#L96-L100 This can happen, for instance, if we need to write to a temporal...

jsha

Send email notifications when a new account issues for an FQDN you've previously issued for

1

If account _A_ regularly issues for FQDN _N_, and then account _B_ issues for _N_, we'd like for account _A_ to get an email notification. Most of the time this...

jsha

Right now we use syslog to process our audit logs, and store them on disk as unstructured log lines. It would be nice to store them in structured DB tables...

jsha

As discussed in https://community.letsencrypt.org/t/possible-new-feature-paused-acme-accounts/148364, it's desirable to turn off accounts that have been sending failed orders, and no good orders, for a long time. This ticket tracks the necessary work....

jsha