boulder
An ACME-based certificate authority, written in Go.
Currently we build and release boulder-tools manually using test/boulder-tools/tag_and_upload.sh. But we should automate that process to ensure builds are always made reproducibly and from a clean state. That would also...
Our Boulder configs have some fields that are required, and some that have defaults. We should encode these things in our config structs in a systematic way, using [struct tags](https://go.dev/ref/spec#Struct_types)....
After updating to current boulder, my ocsp stapling tests fail. Reason being that the openssl client fails with `Verification error: unable to get local issuer certificate`. I am giving the...
For each challenge in our database that gets validated, we store a ValidationRecord. This isn't for audit purposes (we have logs for that), but to help clients debug beyond what's...
Removing ACME v1 will open the door to a variety of cleanups that can be done but aren't strictly part of the removal itself -- for example, removing gRPC methods...
The process of creating a new hot fix release is entirely manual and prone to human error. This script automates a fair bit of the process and includes detailed instructions...
In https://github.com/letsencrypt/boulder/pull/6008 we're adding some logging to track how often TLS 1.0 / 1.1 are used during validation. Once we've fully removed support, we should remove that code.
From some proof of concept tests, we could save ~30% on memory requirements for storing OCSP responses in Redis if we compress the responses using the compress/flate package.
Config key `purgeInterval` is deprecated. Once this key has been removed from all staging and production configs we can remove all relevant codepaths (see comments `TODO(#6003)`) from the akamai-purger.
We don't want to have two different revocation codepaths sitting around longer than we have to. Once we've made the policy decision to turn on the MozRevocationReasons flag everywhere, we...