letsencrypt / boulder / 13368 / 7
66%
master: 66%

LAST BUILD BRANCH: ocsp-fail-stops-issuances
DEFAULT BRANCH: master
Ran
Files 110
Run time 18s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 65.292% (+0.003%) from 65.289%
TESTFLAGS="--coverage" CONTAINER="netaccess"

push

travis-pro

web-flow 
Adding support for multiple issuers to publisher (#5272)

Publisher currently loads a PEM formatted certificate bundle from file
using LoadCertBundle a utility function in the core package.
LoadCertBundle parses the PEM file to a slice of x509.Certificates and
returns them to boulder-publisher (without checking validity). Using
these x509 Certificates, boulder-publisher to construct an ASN1Cert
bundle. This bundle is passed to each new publisher instance. When
publisher receives a request it unconditionally appends this bundle to
each end-entity precertificate for submission to CT logs.

This change augments this process to add support for multiple issuers
using the IssuerNameID concept in the Issuance package. Config field
Common.CT.CertificateBundleFilename has been replaced with the Chains
field. LoadChain, a utility function added in PR #5271, loads and
validates the chain (which nets us some added deploy-time safety) before
returning it to boulder-publisher. Using these x509 Certificates,
boulder-publisher constructs a mapping of IssuerNameID to ASN1Cert
bundle and passes this to each new publisher instance. When publisher
receives a request it determines the IssuerNameID of the precertificate
to select and append the correct ASN1Cert bundle for a given Issuer.

A followup issue #5269 has been created to address removal of the Common
field from the publisher configuration and code has been commented with
TODOs where code will need to be removed or refactored.

Fixes #1669

13394 of 20514 relevant lines covered (65.29%)

0.73 hits per line

Source Files on job 13368.7 (TESTFLAGS="--coverage" CONTAINER="netaccess")