boulder
An ACME-based certificate authority, written in Go.
Right now we do end-to-end issuance testing with Certbot in a cron job, and analyze the resulting output to generate alerts. This has a few weaknesses: - The DNS challenge...
I believe there's a race condition involving compromised keys. Consider the following scenario: * A certificate issuance begins, and passes its final `goodkey`/`sa.KeyBlocked` check before signing. * A compromised key...
This change introduces a new config key `certProfiles` which contains a list of `profiles`. Each profile from `certProfiles` and `profile` are added to a map comprised of a human-readable name...
Add a new "certProfileName" field to the CA's gRPC services. This field is intended to pass an ACME client provided profile name from the RA into the CA. Part of...
Implement draft-ietf-acme-ari-02 changes to WFE newOrder: - Add a `replaces` field to the newOrder request object - Ensure that `replaces` values provided by subscribers are vetted according to the requirements...
This bug is an umbrella/tracking bug, acting as a one-stop-shop to see progress on the multiple sub-tasks necessary to achieve this 2024 OKR. Prerequisites: - [x] https://github.com/letsencrypt/boulder/issues/7309 Subtasks: - [x]...
Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.48.0 to 1.49.0. Commits 4fd9126 Release 2024-02-13 d22cecd Regenerated Clients b640bf5 Update SDK's smithy-go dependency to v1.20.0 94e885c Update endpoints model b3a6cd7 Update API model 5f328e6 chore:...
SendError accepting both a problem and an error has been flagged as being non-idiomatic and leads to adjacent code being written in a non-idiomatic fashion. This has been flagged in...
Add a profile field to the SA's NewOrder request object. Decide where to store it: a new column in the orders table? a new table? Add a profile field to...
This idea came out of remediation for https://bugzilla.mozilla.org/show_bug.cgi?id=1838667 Idea sketch: We should update the CAs configuration and in-memory structures to support multiple different profiles, each identified by a unique human-readable...