boulder

boulder copied to clipboard

grpc: Replace deprecated otelgrpc interceptors

4

This should stay in draft mode until [this upstream bug](https://github.com/open-telemetry/opentelemetry-go-contrib/issues/4575) is fixed. Fixes https://github.com/letsencrypt/boulder/issues/7235

pgporada

admin-revoker has the "private-key-block" and "private-key-revoke" subcommands, which take an on-disk private key as input, extract the corresponding public key, and revoke all certificates matching that public key's SPKI Hash...

aarongable

See https://github.com/letsencrypt/boulder/pull/7252#issuecomment-1889656409 for full context. Ignoring this lint is necessary as long as the integration test "setup six months ago" hits a date prior to 2023-09-15. Once we're past that...

aarongable

Proposal to Implement ACME "dns-account-01" Challenge in Boulder

8

### Description: I propose integrating the "dns-account-01" challenge into Boulder. This challenge introduces a novel method for domain control validation within the ACME protocol. ### Background: The "dns-account-01" challenge, in...

sheurich

Our current CT submission process is: - Randomly shuffle the list of log operators we submit to - Simultaneously kick off submission requests to logs operated by the first two...

aarongable

Recent [otelgrpc changes](https://github.com/letsencrypt/boulder/pull/7233) deprecate interceptors that we use throughout the [//grpc package](https://github.com/letsencrypt/boulder/tree/5972d43924a1e0ccc91c135bb3ad15dbe5dbc2bf/grpc). * `UnaryClientInterceptor` * `StreamClientInterceptor` * `UnaryServerInterceptor` * `StreamServerInterceptor` * `WithInterceptorFilter` Per documentation we should move away from these...

pgporada

For context, this issue came out of discussions surrounding #7218 and #7200. At current, the `policy` package, at the highest level, accomplishes two things: Determines whether a given domain or...

beautifulentropy

As usual, golangci-lint hasn't been updated to work in go1.22 yet, so we have to skip it when running tests against the go1.22 release candidates. https://github.com/letsencrypt/boulder/pull/7226 makes test.sh's lint checks...

aarongable

As of go1.22, you can say ``` for i := range 100 { ... } ``` This is exciting! We can change all of our `for i := 0; i...

aarongable

The CA is configured with a one-byte integer serial prefix, which it splats directly into the first byte of the serial it generates: https://github.com/letsencrypt/boulder/blob/eda6e4cb4a0ec4ebcd90812455abbd335c2289f2/cmd/boulder-ca/main.go#L48-L49 https://github.com/letsencrypt/boulder/blob/eda6e4cb4a0ec4ebcd90812455abbd335c2289f2/ca/ca.go#L328 The ocsp-responder is configured with...

aarongable