boulder

boulder copied to clipboard

Add pkilint to CI via custom zlint

5

Add a new "LintConfig" item to the CA's config, which can point to a zlint configuration toml file. This allows lints to be configured, e.g. to control the number of...

aarongable

config: Update minimum TLS version from 1.2 to 1.3

3

- Set the minimum TLS version used for communication with gRPC, Redis, and Unbound to 1.3. - Remove deprecated `SecurityVersion` setting in `clientTransportCredentials` and `serverTransportCredentials`, as grpc-go now depends on...

beautifulentropy

Add a new remoteva binary

2

* Adds a new `remoteva` binary that takes a distinct configuration from the existing `boulder-va` * Removed the `boulder-remoteva` name registration from `boulder-va`. * Existing users of `boulder-remoteva` must either...

pgporada

Issues with new admin tool

4

I've been testing out the new admin tool and have the following quality-of-life problems: Some are relatively straightforward tool fixes: * [x] #7358 * [x] #7357 * [x] #7460 Some...

mcpherrinm

There is a bug in [gopls](https://github.com/golang/go/issues/66876) that requires us to rebind the loop variable if/when we run subtests in parallel such as what I did in https://github.com/letsencrypt/boulder/pull/7438 and https://github.com/letsencrypt/boulder/pull/7452. Once...

pgporada

beautifulentropy

[pkilint](https://github.com/digicert/pkilint) is a newish linter which has a acquired a reputation of catching things that zlint doesn't. It is written in python, and very slow, so we don't want to...

aarongable

Split remote-va into separate implementation

1

When the RA makes a `PerformValidation` gRPC call to the VA, three things happen: 1) the VA kicks off remote validations by making `PerformValidation` gPRC calls to remote VAs 2)...

aarongable

Per the [BRs, Section 7.1.2.7.6](https://github.com/cabforum/servercert/blob/c4a34fe2292022e0a04ba66b5a85df75907ac2a2/docs/BR.md#71276-subscriber-certificate-extensions), the Subject Key Identifier extension is NOT RECOMMENDED for end-entity Subscriber certificates. This is because the SKID is mostly useful for path-building. It's important for...

aarongable

Bumps [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.46.1 to 0.50.0. Release notes Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's releases. Release v1.25.0/v0.50.0/v0.19.0/v0.5.0/v0.0.1 Added Implemented setting the cloud.resource_id resource attribute in go.opentelemetry.io/detectors/aws/ecs based on the ECS Metadata v4 endpoint....

dependabot[bot]