boulder

boulder copied to clipboard

Right now the crl-updater in continuous mode sets up each shard to update every N minutes. But we don't want all shards to update right away when crl-updater starts so...

jsha

`bad-key-revoker` should search for, and deactivate, existing ACME accounts that are using a compromised key as their account key. (`goodkey` already catches attempts to use an already-known compromised key when...

jprenken

database: Improve our approach to migrations that add or remove columns

1

Our approach to migrations that add or remove columns is documented at https://github.com/letsencrypt/boulder/blob/master/docs/CONTRIBUTING.md#gating-migrations. Right now that process isn't doing a good enough job ensuring the correctness of our code, as...

jsha

This new schema is designed for Vitess and for supporting profiles. Fixes https://github.com/letsencrypt/boulder/issues/7926 Fixes https://github.com/letsencrypt/boulder/issues/7715

aarongable

`ra.NewRegistrationAuthorityImpl` takes some arguments that are pointers, and could be nil (e.g. `limiter`). It currently does not return an `error`. We should add an `error` value, return errors when passed...

jprenken

Design goals: - authorizations can have profiles associated with them, so we can control cross-profile authorization reuse - tables should have a single primary key and no additional indices, to...

aarongable

The `ratelimits` package has excellent test coverage, but we have relatively few tests that check rate limit behaviour end-to-end. Let's add more cases to [`test/integration/ratelimit_test.go`](https://github.com/letsencrypt/boulder/blob/main/test/integration/ratelimit_test.go). For example, although [`ratelimits/transaction_test.go`](https://github.com/letsencrypt/boulder/blob/main/ratelimits/transaction_test.go) tests...

jprenken

# Background This isn't planned anytime soon, but something that was on my mind so I thought I'd record some notes. It would be nice to be able to build...

mcpherrinm

`wfe.NewOrder` refunds any increments to NewOrder rate limits if order creation fails (due to a reason other than rate limits). This behaviour is not currently unit tested, and should be.

jprenken

Tests in the `ratelimits` package were written against the combined `loadAndParse...` functions. Now that those functions' logic is being split up (e.g. #7869), the tests should be too.

jprenken