boulder
boulder copied to clipboard
letsencrypt
An ACME-based certificate authority, written in Go.
For incident response, it can be useful to revoke (set `status = 4`) either pending or already-finalized Authorizations. We should look into what it would take for admin-revoker to be...
boulder should always issue certificates with the "must staple OCSP response" X.509 extension (aka "TLS features, [RFC 7633](https://datatracker.ietf.org/doc/html/rfc7633)) if a `must-staple=true` parameter is present for the [CAA record](https://datatracker.ietf.org/doc/html/rfc8659) corresponding to...
Use an non-wrapped sql.Db client to iterate over results and return them on a channel.
It is the last remaining interface in `//core/interfaces.go`; there's no need to keep that file around or to keep the interface in that package any longer.
Many of GRPC methods perform some amount of request validation and then immediately construct requests to be dispatched to other component via an inner GRPC client. When one of these...
For example, in a scenario like this: Account A issues a cert for a DNS name Z Account B issues a cert for DNS name Z Notify Account A (after...
We currently use ProxySQL in production but have yet to backport this change into our dev (docker) stack.
https://github.com/letsencrypt/boulder/blob/1bed7405757fa283a14e5cb7a58236113c485c88/sa/model.go#L56-L64 This code path is hot, and the data here is not changing per ID that often. We can also deal with stale data here as well. Caching this is...
Most of the components for a dev container are already in place. The main things that we'd need for a dev container are: 1. Probably only one of each component...
It would be useful to know how many rps per core an ocsp-responder can serve, if it's not limited by its datastore performance. To do that, I propose to stand...
Metadata
Owner
Metadata
An ACME-based certificate authority, written in Go.