boulder icon indicating copy to clipboard operation
boulder copied to clipboard

verified publisher icon letsencrypt

Metadata

An ACME-based certificate authority, written in Go.

Results 421 boulder issues
Sort by recently updated
recently updated
newest added

Set transaction isolation levels explicitly for certain queries

Right now in our DSN configuration for certain components, we set `tx_isolation=READ-UNCOMMITTED`: - bad-key-revoker - notify-mailer - contact-auditor - cert-checker - expiration-mailer - admin-revoker That's because these make big queries...

jsha avatar jsha

Use docker multi-stage builds to improve updating our image to new go versions

1 comment

Should be a minor change, but will allow more sharing/cacheing of partial images and should improve build speed.

aarongable avatar aarongable

admin-revoker: add commands to create and enable incident tables

1 comment

We need a way to create a new incident table, the corresponding row in the incidents table, and to set/unset enabled=1, instead of doing it with manual SQL commands. And...

mcpherrinm avatar mcpherrinm

Create tool to streamline notifying subscribers of an incident

This idea came out of remediation for https://bugzilla.mozilla.org/show_bug.cgi?id=1838667 This will probably (but not necessarily) be implemented by adding functionality to the existing notify-mailer tool. Given: - The name of an...

aarongable avatar aarongable

CA: Add lint/check that leaf Issuer bytes match issuer's Subject bytes

2 comment

This idea came out of remediation for https://bugzilla.mozilla.org/show_bug.cgi?id=1838667 One of the x509 requirements is that every cert's Issuer field must be byte-for-byte identical to its issuer's Subject field. The go...

aarongable avatar aarongable

sa: implement retry of certain operations that we know are safe to retry

For instance, SELECT and BEGIN TRANSACTION are generally safe in our codebase to automatically retry. We sometimes get errors from the database driver level that the driver does not know...

jsha avatar jsha

CLI tool to update registration contact

5 comment

CAs occasionally get GDPR/CCPA/similar requests to delete personal data, including email addresses. For handling these requests, it would be nice to have a CLI tool to modify a registration's contact...

jprenken avatar jprenken

ca: implement deep health check

1 comment

Discussing health checks with @beautifulentropy, I got nerd sniped and went down a rabbit hole. Here's a canned CA health check I came up with. ---- Set up softhsm2 ```...

pgporada avatar pgporada

bdns test: Expected B server to have non-zero lookup attempts

6 comment

Spotted [here](https://github.com/letsencrypt/boulder/actions/runs/4611958634/jobs/8152296945?pr=6793) while running tests for the [go 1.20.3 security release](https://github.com/letsencrypt/boulder/pull/6793), but I've seen this randomly pop up before only on Github CI. ``` --- FAIL: TestRotateServerOnErr (0.00s) dns_test.go:793: Expected...

pgporada avatar pgporada

Move bJSONWebSignature and constructor from wfe2 into a new package

The problem we want to solve here is, "Do we know where the bJSONWebSignature came from?" There's still going to be a potential mutability issue. Relates to https://github.com/letsencrypt/boulder/pull/6860

pgporada avatar pgporada

Metadata

5.0k
Stars
585
Forks
Watchers

Owner

verified publisher icon letsencrypt

Metadata

An ACME-based certificate authority, written in Go.

Back