notmain

package

v0.0.0-...-57a4995 Latest Latest Go to latest Published: Apr 25, 2024 License: MPL-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/letsencrypt/boulder

Links

Open Source Insights

Documentation ¶

Index ¶

type Config

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	CA struct {
		cmd.ServiceConfig

		cmd.HostnamePolicyConfig

		GRPCCA *cmd.GRPCServerConfig

		SAService *cmd.GRPCClientConfig

		// Issuance contains all information necessary to load and initialize issuers.
		Issuance struct {
			// The name of the certificate profile to use if one wasn't provided
			// by the RA during NewOrder and Finalize requests. Must match a
			// configured certificate profile or boulder-ca will fail to start.
			DefaultCertificateProfileName string `validate:"omitempty,alphanum,min=1,max=32"`

			// TODO(#7414) Remove this deprecated field.
			// Deprecated: Use CertProfiles instead. Profile implicitly takes
			// the internal Boulder default value of ca.DefaultCertProfileName.
			Profile issuance.ProfileConfig `validate:"required_without=CertProfiles,structonly"`

			// One of the profile names must match the value of
			// DefaultCertificateProfileName or boulder-ca will fail to start.
			CertProfiles map[string]issuance.ProfileConfig `validate:"dive,keys,alphanum,min=1,max=32,endkeys,required_without=Profile,structonly"`

			// TODO(#7159): Make this required once all live configs are using it.
			CRLProfile   issuance.CRLProfileConfig `validate:"-"`
			Issuers      []issuance.IssuerConfig   `validate:"min=1,dive"`
			IgnoredLints []string
		}

		// How long issued certificates are valid for.
		Expiry config.Duration

		// How far back certificates should be backdated.
		Backdate config.Duration

		// What digits we should prepend to serials after randomly generating them.
		SerialPrefix int `validate:"required,min=1,max=127"`

		// MaxNames is the maximum number of subjectAltNames in a single cert.
		// The value supplied MUST be greater than 0 and no more than 100. These
		// limits are per section 7.1 of our combined CP/CPS, under "DV-SSL
		// Subscriber Certificate". The value must match the RA and WFE
		// configurations.
		MaxNames int `validate:"required,min=1,max=100"`

		// LifespanOCSP is how long OCSP responses are valid for. Per the BRs,
		// Section 4.9.10, it MUST NOT be more than 10 days. Default 96h.
		LifespanOCSP config.Duration

		// LifespanCRL is how long CRLs are valid for. It should be longer than the
		// `period` field of the CRL Updater. Per the BRs, Section 4.9.7, it MUST
		// NOT be more than 10 days.
		// Deprecated: Use Config.CA.Issuance.CRLProfile.ValidityInterval instead.
		LifespanCRL config.Duration `validate:"-"`

		// GoodKey is an embedded config stanza for the goodkey library.
		GoodKey goodkey.Config

		// Maximum length (in bytes) of a line accumulating OCSP audit log entries.
		// Recommended to be around 4000. If this is 0, do not perform OCSP audit
		// logging.
		OCSPLogMaxLength int

		// Maximum period (in Go duration format) to wait to accumulate a max-length
		// OCSP audit log line. We will emit a log line at least once per period,
		// if there is anything to be logged. Keeping this low minimizes the risk
		// of losing logs during a catastrophic failure. Making it too high
		// means logging more often than necessary, which is inefficient in terms
		// of bytes and log system resources.
		// Recommended to be around 500ms.
		OCSPLogPeriod config.Duration

		// Path of a YAML file containing the list of int64 RegIDs
		// allowed to request ECDSA issuance
		ECDSAAllowListFilename string

		// CTLogListFile is the path to a JSON file on disk containing the set of
		// all logs trusted by Chrome. The file must match the v3 log list schema:
		// https://www.gstatic.com/ct/log_list/v3/log_list_schema.json
		CTLogListFile string

		// CRLDPBase is the piece of the CRL Distribution Point URI which is common
		// across all issuers and shards. It must use the http:// scheme, and must
		// not end with a slash. Example: "http://prod.c.lencr.org".
		// TODO(#7296): Remove this fallback once all configs have issuer.CRLBaseURL
		CRLDPBase string `validate:"omitempty,url,startswith=http://,endsnotwith=/"`

		// DisableCertService causes the CertificateAuthority gRPC service to not
		// start, preventing any certificates or precertificates from being issued.
		DisableCertService bool
		// DisableCertService causes the OCSPGenerator gRPC service to not start,
		// preventing any OCSP responses from being issued.
		DisableOCSPService bool
		// DisableCRLService causes the CRLGenerator gRPC service to not start,
		// preventing any CRLs from being issued.
		DisableCRLService bool

		Features features.Config
	}

	PA cmd.PAConfig

	Syslog        cmd.SyslogConfig
	OpenTelemetry cmd.OpenTelemetryConfig
}

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL