boulder

boulder copied to clipboard

Add a new "OmitShortLivedRevocation" feature flag. When this flag is enabled in the CA, reset the AIA OCSP URL to be nil. Fixes https://github.com/letsencrypt/boulder/issues/7673 DO NOT MERGE: we're not yet...

aarongable

When creating an authorization, populate it with all challenges appropriate for that challenge type, regardless of whether those challenge types are currently "enabled" in the config. This ensures that authorizations...

aarongable

- [ ] Remove `if wfe.limiter == nil && wfe.txnBuilder == nil` in `checkNewAccountLimits` and `checkNewOrderLimits` WFE methods. - [ ] Remove `if ra.limiter == nil && ra.txnBuilder == nil`...

beautifulentropy

aarongable

Prepare for Ballot SC-067 v3 (MPIC)

2

Assuming the v3 ballot passes, we should add the following changes to Boulder to ease compliance: These first two implement logging requirement 5.4.1(7), which becomes effective March 15, 2025: -...

mcpherrinm

aarongable

Per MPIC ballot, we should record this explicitly in audit logs. We need to make sure that we can distinguish between a positive failure from an RVA versus not waiting...

mcpherrinm

Add zlint lints based on our specific CP/CPS

9

We do pre-issuance linting using zlint to ensure that we are compliant with the baseline requirements and various root program requirements. As [Bug 1715455](https://bugzilla.mozilla.org/show_bug.cgi?id=1715455) shows, it is possible to still...

aarongable

Add CAA presence/validity information to ValidationRecords

17

Since this is important information about an authorization.

rolandshoemaker

test/certs/generate.sh: should regenerate when new service names are added

1

After a recent pull, I was getting errors running the integration tests because `test/certs/ipki/sfe.boulder/` didn't exist. That's because `sfe.boulder` was recently added to the list of services, but `generate.sh` doesn't...

jsha