Skip to content

Commit

Permalink
Squashed commit of the following:
Browse files Browse the repository at this point in the history
commit e1165bba970713da395f6fbe7ff318ae8a63fb24
Merge: ce41e38e 21c13ab9
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon May 15 09:25:14 2023 -0700

    Merge pull request #1300 from cloudflare/dependabot/go_modules/golang.org/x/crypto-0.9.0

commit ce41e38ef579f4375baff57ffc816192f3842442
Merge: b2e0b850 7479ed6d
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon May 15 09:25:04 2023 -0700

    Merge pull request #1299 from cloudflare/dependabot/go_modules/github.com/stretchr/testify-1.8.2

commit 21c13ab91a1a408559bac83af8989423cc62cfce
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon May 15 03:59:39 2023 +0000

    build(deps): bump golang.org/x/crypto from 0.8.0 to 0.9.0

    Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0.
    - [Commits](https://github.com/golang/crypto/compare/v0.8.0...v0.9.0)

    ---
    updated-dependencies:
    - dependency-name: golang.org/x/crypto
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 7479ed6d29ba27e8e26cb4aa270d18c777d07932
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon May 15 03:59:26 2023 +0000

    build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.2

    Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.2.
    - [Release notes](https://github.com/stretchr/testify/releases)
    - [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.2)

    ---
    updated-dependencies:
    - dependency-name: github.com/stretchr/testify
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit b2e0b850df40f0e46d62258a32fcc0eece5f72d7
Merge: 9618eba9 f6cb3e8a
Author: Nicky Semenza <nicky@nickysemenza.com>
Date:   Fri May 12 14:09:17 2023 -0700

    Merge pull request #1290 from cloudflare/nicky/golang-cross-latest

commit 9618eba9b36427f80fa99e50c7af07a4cd4590ab
Merge: 7bcbc6d8 372ef3d8
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri May 12 10:28:07 2023 -0700

    Merge pull request #1295 from cloudflare/dependabot/go_modules/github.com/google/certificate-transparency-go-1.1.6

    build(deps): bump github.com/google/certificate-transparency-go from 1.1.4 to 1.1.6

commit 372ef3d8c256e7e423c4ddbe6b5650a36520313a
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri May 12 17:12:34 2023 +0000

    build(deps): bump github.com/google/certificate-transparency-go

    Bumps [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go) from 1.1.4 to 1.1.6.
    - [Release notes](https://github.com/google/certificate-transparency-go/releases)
    - [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/google/certificate-transparency-go/compare/v1.1.4...v1.1.6)

    ---
    updated-dependencies:
    - dependency-name: github.com/google/certificate-transparency-go
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 7bcbc6d879cb8030a83bcc2ff23653ca019f172d
Merge: 0d872f60 04f6d3e0
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri May 12 10:11:55 2023 -0700

    Merge pull request #1297 from cloudflare/dependabot/go_modules/github.com/go-sql-driver/mysql-1.7.1

    build(deps): bump github.com/go-sql-driver/mysql from 1.6.0 to 1.7.1

commit 0d872f6073bcb65fb4c730d9f6b8c61421533c6c
Merge: 11796e14 be9f3a38
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri May 12 10:11:47 2023 -0700

    Merge pull request #1298 from cloudflare/dependabot/go_modules/github.com/lib/pq-1.10.9

    build(deps): bump github.com/lib/pq from 1.10.1 to 1.10.9

commit 11796e1478655e4f8618ea3d5875b98ed7f48526
Merge: c1cdc1bc bf9636a0
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri May 12 10:11:20 2023 -0700

    Merge pull request #1291 from ahrtr/bump_zlint_20230512

    bump github.com/zmap/zlint/v3  from 3.1.0 to 3.4.1

commit bf9636a01e88945b1b2fbae19b37d37a9b6a30fe
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri May 12 09:34:41 2023 -0700

    update lint test for bumped zlint

commit 4a5a64d7e29d14d2aa947cf377ffe166ccf57954
Author: Benjamin Wang <wachao@vmware.com>
Date:   Fri May 12 12:58:29 2023 +0800

    bump github.com/zmap/zlint/v3  from 3.1.0 to 3.4.1

    Signed-off-by: Benjamin Wang <wachao@vmware.com>

commit be9f3a384d4cfe0f00e54431bfb534c2889bb5ad
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri May 12 16:07:32 2023 +0000

    build(deps): bump github.com/lib/pq from 1.10.1 to 1.10.9

    Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.1 to 1.10.9.
    - [Release notes](https://github.com/lib/pq/releases)
    - [Commits](https://github.com/lib/pq/compare/v1.10.1...v1.10.9)

    ---
    updated-dependencies:
    - dependency-name: github.com/lib/pq
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 04f6d3e068bdc95b0c7b60911ff6f1760e1703f6
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri May 12 16:07:05 2023 +0000

    build(deps): bump github.com/go-sql-driver/mysql from 1.6.0 to 1.7.1

    Bumps [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) from 1.6.0 to 1.7.1.
    - [Release notes](https://github.com/go-sql-driver/mysql/releases)
    - [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/go-sql-driver/mysql/compare/v1.6.0...v1.7.1)

    ---
    updated-dependencies:
    - dependency-name: github.com/go-sql-driver/mysql
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit c1cdc1bce69d276f492931ee02656c4187c569d6
Merge: 3e4a0601 03a86ea2
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri May 12 09:06:21 2023 -0700

    Merge pull request #1296 from cloudflare/dependabot/go_modules/github.com/jmoiron/sqlx-1.3.5

    build(deps): bump github.com/jmoiron/sqlx from 1.3.3 to 1.3.5

commit 3e4a06013525875ba40313220aaa0e0f571b528a
Merge: f37a685b e1d17772
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri May 12 09:00:23 2023 -0700

    Merge pull request #1293 from cloudflare/dependabot/github_actions/docker/build-push-action-4

    build(deps): bump docker/build-push-action from 3 to 4

commit f37a685b3e172e9d4f2aa4e5f6622f33afb94375
Merge: 58b12e72 e2461488
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri May 12 09:00:10 2023 -0700

    Merge pull request #1294 from cloudflare/dependabot/go_modules/github.com/prometheus/client_golang-1.15.1

    build(deps): bump github.com/prometheus/client_golang from 1.13.0 to 1.15.1

commit 03a86ea2cddbcb84900d462c6ac6597ddd883e95
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri May 12 15:45:58 2023 +0000

    build(deps): bump github.com/jmoiron/sqlx from 1.3.3 to 1.3.5

    Bumps [github.com/jmoiron/sqlx](https://github.com/jmoiron/sqlx) from 1.3.3 to 1.3.5.
    - [Commits](https://github.com/jmoiron/sqlx/compare/v1.3.3...v1.3.5)

    ---
    updated-dependencies:
    - dependency-name: github.com/jmoiron/sqlx
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 58b12e72ad7adc4429e26cb641eb9e9c7130e21a
Merge: 214bd576 5f34df79
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri May 12 08:45:53 2023 -0700

    Merge pull request #1289 from cloudflare/nicky/docker-arch

    fix architecture for docker builds

commit e2461488a140d0814d702b0a6746c962afc6ff44
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri May 12 15:45:42 2023 +0000

    build(deps): bump github.com/prometheus/client_golang

    Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.13.0 to 1.15.1.
    - [Release notes](https://github.com/prometheus/client_golang/releases)
    - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/prometheus/client_golang/compare/v1.13.0...v1.15.1)

    ---
    updated-dependencies:
    - dependency-name: github.com/prometheus/client_golang
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit e1d1777290871c186e482eaca1955569090c3b05
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri May 12 15:45:34 2023 +0000

    build(deps): bump docker/build-push-action from 3 to 4

    Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3 to 4.
    - [Release notes](https://github.com/docker/build-push-action/releases)
    - [Commits](https://github.com/docker/build-push-action/compare/v3...v4)

    ---
    updated-dependencies:
    - dependency-name: docker/build-push-action
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 214bd576c4dd15fded3e3bba8a0557fce7fac92b
Merge: 88bfcbf5 2b2dd1a7
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri May 12 08:45:11 2023 -0700

    Merge pull request #1292 from ahrtr/configure_dependabot_20230512

    configure dependabot

commit 2b2dd1a75a3972bc1e9b9101f6096088ff4143db
Author: Benjamin Wang <wachao@vmware.com>
Date:   Fri May 12 13:03:50 2023 +0800

    configure dependabot

    Signed-off-by: Benjamin Wang <wachao@vmware.com>

commit f6cb3e8a12c79fd074c0ef514aba1d25e0f73436
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Thu May 11 12:41:54 2023 -0700

    build pacakges with latest go

    disabling buildvcs for now, seems to be related to https://github.com/golang/go/issues/51253

commit 88bfcbf5e0fdbb6d8ddbb89e51618b0dc40bd9f5
Merge: 415a59e1 e9d07906
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue May 2 09:00:41 2023 -0700

    Merge pull request #1288 from kbdharun/master

    CI: bump actions version, fix node 12 deprecation warning

commit 5f34df79341ba7f3aa734926f7347078a02b2907
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Apr 26 10:35:05 2023 -0700

    fix architecture for docker builds

    it seems that specifing the platform arg is not needed / incorrect for github actions: https://github.com/docker/build-push-action/issues/668#issuecomment-1213063705

    resolves #1287

commit e9d07906f1f5cf1a26fd1ffbe02747a4d7420e3c
Author: K.B.Dharun Krishna <kbdharunkrishna@gmail.com>
Date:   Fri Apr 28 11:53:13 2023 +0530

    go.yml: update actions/checkout to v3, actions/setup-go to v4

commit 76629b56e45ca81359a377d22485ff8f214bf364
Author: K.B.Dharun Krishna <kbdharunkrishna@gmail.com>
Date:   Fri Apr 28 11:50:46 2023 +0530

    snapshot.yml: update actions/checkout to v3

commit 415a59e18b98f13c65ae51baf07df40aa281c782
Merge: 908df500 636ddf8b
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Apr 26 10:35:39 2023 -0700

    Merge pull request #1282 from patrickelectric/arm

commit 636ddf8b9e5073cd3ba80897edcbe7d6b11a8838
Author: Patrick José Pereira <patrickelectric@gmail.com>
Date:   Tue Apr 18 18:01:34 2023 -0300

    goreleaser: Add ARMv7 binaries

    Such boards are still available

    Signed-off-by: Patrick José Pereira <patrickelectric@gmail.com>

commit 908df500cbbd167cf4ad0e1766e7273a7c607c7c
Merge: b4d0d877 2fab338a
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Apr 19 09:07:50 2023 -0700

    Merge pull request #1285 from cloudflare/nicky/goreleaser-action-snapshot

commit 2fab338a5e797b5992a8a0cd85f2fe36b58df26b
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Nov 30 09:04:17 2022 -0800

    add workflow to run goreleaser snapshot

commit b4d0d877cac528f63db39dfb62d5c96cd3a32a0b
Merge: 6b3f2331 6e8b0316
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Mar 28 08:57:26 2023 -0700

    Merge pull request #1277 from cloudflare/nicky/docker

    push images to github/docker container registry

commit 6e8b03168b08906a3e39b33f6779dfa9a9dab843
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Mar 21 16:17:15 2023 -0700

    push images to github/docker container registry

    relates to #1265

commit 6b3f23319ae12650ddc738ef1e4176bd068fe3b2
Merge: a8697b2e cf63dcbf
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Mar 21 16:16:15 2023 -0700

    Merge pull request #1267 from shahidhs-ibm/s390x-multiarch

    Add support to multi architecture docker image using github action

commit a8697b2ed5173a3c9d9391772c05dc2379482939
Merge: 4db924a7 51a7fa85
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Mar 21 16:11:51 2023 -0700

    Merge pull request #1273 from ehershey/patch-2

    Make api intro.txt references links

commit 4db924a7ae723f8ae764e6adcae1e9207f1c1727
Merge: c5e40da6 fcde786e
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Mar 8 09:56:25 2023 -0800

    Merge pull request #1274 from cloudflare/dependabot/go_modules/golang.org/x/net-0.7.0

    build(deps): bump golang.org/x/net from 0.2.0 to 0.7.0

commit fcde786e4e604306415c347527839d9179d6ab22
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Sat Feb 18 03:23:06 2023 +0000

    build(deps): bump golang.org/x/net from 0.2.0 to 0.7.0

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.2.0 to 0.7.0.
    - [Release notes](https://github.com/golang/net/releases)
    - [Commits](https://github.com/golang/net/compare/v0.2.0...v0.7.0)

    ---
    updated-dependencies:
    - dependency-name: golang.org/x/net
      dependency-type: indirect
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

commit 51a7fa85befb7cf5bf1bf5de84f06a9b44e9da4a
Author: Ernie Hershey <github@ernie.org>
Date:   Thu Feb 16 00:56:34 2023 -0500

    Make api intro.txt references links

commit cf63dcbff72726324f0370afa8bae0194a5681ad
Author: Shahid <shahid@us.ibm.com>
Date:   Tue Feb 7 14:08:43 2023 +0530

    Update Dockerfile

    Incorporating review comments https://github.com/cloudflare/cfssl/pull/1267#discussion_r1083943730 and https://github.com/cloudflare/cfssl/pull/1267#discussion_r1083963991

commit 8467879cdfaede36ab545bf873deb8497d41f3e5
Author: Shahid <shahid@us.ibm.com>
Date:   Tue Feb 7 14:05:24 2023 +0530

    Update Makefile

    Adding check before using `GOOS` and `GOARCH` variables in `go build` command. Ref. https://github.com/cloudflare/cfssl/pull/1267#discussion_r1083938333

commit b37103e9542a298ff32511a73298216a5e5c856e
Author: Shahid <shahid@us.ibm.com>
Date:   Tue Jan 10 19:27:54 2023 +0530

    Add support to multi architecture docker image using a github action

commit c5e40da603065e56dbb3c2c443609a855aa7d79c
Merge: 2ac5c8a1 1382f3b0
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Thu Dec 8 08:57:09 2022 -0800

    Merge pull request #1262 from thaJeztah/remove_go_net

commit 1382f3b0bd966cbf881250af13845a301a97e73a
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Thu Dec 8 02:50:50 2022 +0100

    remove use of obsolete golang.org/x/net/context package

    This package is an alias for "context", which has been part of
    stdlib since go1.7, so should no longer be needed.

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 2ac5c8a1c1eadac50649678e9d638b165a61a58f
Merge: 37715e73 fa8441a9
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Dec 6 10:08:57 2022 -0800

    Merge pull request #1260 from linux-on-ibm-z/s390x-binary-enablement

    Binary enablement for s390x

commit fa8441a97a6f4d400230b7753b60755c256cf0e2
Author: Shahid Shaikh <shahid@us.ibm.com>
Date:   Wed Nov 30 03:51:47 2022 -0800

    Binary enablement for s390x

commit 37715e73dc6c71533a0c7381348239468b47dcb7
Merge: 123abe0b 39c4590c
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Nov 29 08:46:16 2022 -0800

    Merge pull request #1259 from sonork/master

    Add linux/arm64 Build

commit 123abe0b8fdc0540b96b8f127d2ef73414491084
Merge: a4a432ba 00a28f65
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Nov 23 09:05:34 2022 -0800

    Merge pull request #1187 from jonathanio/improve-ocspserve-ipv6-handling

    Improve IPv6 address handling in ocspserve

commit 39c4590c8a3a566d8ed437cdb4d118caf2fa6e38
Author: Michael Wiesenbauer <michael.wiesenbauer@ambos.io>
Date:   Wed Nov 23 09:16:30 2022 +0100

    add arm64 on all linux binaries

commit a4a432ba1e23ac001fdd90f26b43e7759549441e
Merge: cfd0e9ab 0eecfe20
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Nov 22 09:12:34 2022 -0800

    Merge pull request #1257 from thaJeztah/remove_goutils

    transport/ca/localca: New(): return error instead of calling os.Exit(1), remove github.com/kisom/goutils/assert

commit c09440215f80f186550982193f92e3d8ff0263bb
Author: Michael Wiesenbauer <michael.wiesenbauer@ambos.io>
Date:   Tue Nov 22 12:13:28 2022 +0100

    remove docker socket volume mount

commit 4dd587dbb11450ba27db56af282e14675d06df57
Author: Michael Wiesenbauer <michael.wiesenbauer@ambos.io>
Date:   Tue Nov 22 12:12:04 2022 +0100

    remove privileged argument from docker runs

commit 540aeaf9efeb4e26912f87c06c8b97ac3d8fa035
Author: Michael Wiesenbauer <michael.wiesenbauer@ambos.io>
Date:   Mon Nov 21 13:20:42 2022 +0100

    remove external linker in linux builds

commit c383f2add921c88a23f39d292a8336900bea5e44
Author: Michael Wiesenbauer <michael.wiesenbauer@ambos.io>
Date:   Mon Nov 21 13:16:20 2022 +0100

    use cgo only in darwin builds

commit 24b3ec5c2f27d7edebf8dbea5b5955858220c5e4
Author: Michael Wiesenbauer <michael.wiesenbauer@ambos.io>
Date:   Mon Nov 21 11:13:36 2022 +0100

    use gythialy/golang-cross for snapshot builds

commit 188cfa4871a6883c202d500ced4711ad434e2a7d
Author: Michael Wiesenbauer <michael.wiesenbauer@ambos.io>
Date:   Mon Nov 21 10:08:03 2022 +0100

    include linux/arm64 in builds

commit 0eecfe207f46635217e1e543e5638c9e88cad3db
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 12:41:54 2022 +0100

    transport/ca/localca: remove uses of deprecated io/ioutil

    Using their replacements instead. Also making use of t.TempDir(),
    to let Go's testing take care of cleaning up.

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit b069c865435fd29bc93168a6832c3364b17a2147
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 12:34:12 2022 +0100

    transport/ca/localca: remove unused testGenerateKeypair utility

    This was added in 56dfed7c82597110116d549dc1c990a5e24d1db7, but never
    used.

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 5937a3f33738b1be432168d46b8dc818fe141724
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 12:27:14 2022 +0100

    transport/ca/localca: remove uses of github.com/kisom/goutils/assert

    This package was the only package using this assertion library. Looking
    for a replacement, all packages (except for one) in this repository were
    not using an assertion library, so replacing it with standard checks.

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 4607acedb3dfc22ea832dcfa1bddfbb5f800d3e6
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 12:18:23 2022 +0100

    transport/ca/localca: New(): return error instead of calling os.Exit(1)

    This code was added in 56dfed7c82597110116d549dc1c990a5e24d1db7, but
    now has become the only use of github.com/kisom/goutils/assert, which
    previously was used in tests, and now is archived (moved to a new module).

    There were a couple of issues with this code;

    The `assert.NoError` appears to have a bug; it accepts optional arguments,
    but those are ignored; https://github.com/kisom/goutils/blob/v1.4.3/assert/assert.go#L90-L99
    In this case, it meant that the additional information to describe the
    error won't be printed.

    Looking at the code (https://github.com/kisom/goutils/blob/v1.4.3/assert/assert.go#L35-L45),
    it defaults (`GOTRACEBACK` anything other than "crash") using `os.Exit(1)`.
    While (from the description), program execution MUST be terminated, there
    are some downsides to using `os.Exit` here, as it terminates execution
    immediately (which is desirable), but has no way to recover. While users
    should NOT use the result in this case, they still may want to catch this
    error (without terminating the program as a whole, which may be problematic
    if this module is used as part of a service). `os.Exit` also does not execute
    pending `defer` statements, which may still be desirable to handle state cleanup.

    This patch changes the function to return an error instead, allowing the
    caller to handle the error.

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit cfd0e9ab2afa2101e9cf7647babf7eec2c3d4829
Merge: c71f9f68 052932c1
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon Nov 21 13:44:33 2022 -0800

    Merge pull request #1255 from thaJeztah/update_gomod

    go.mod: update for go1.18 and update/remove obsolete dependencies

commit c71f9f68dbbb2bdb90ff95db71c05ab94a330a6d
Merge: b553d93a 68b96f84
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon Nov 21 13:41:24 2022 -0800

    Merge pull request #1258 from thaJeztah/remove_ioutils

    chore: remove uses of deprecated io/ioutil

commit 68b96f84a7e2891320491683ce4e28a4591c36fd
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:58:17 2022 +0100

    doc: remove mention of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit f277884f6332b9f3c3a2e9b5a467856cb6b930e3
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:58:04 2022 +0100

    selfsign: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit f98ae4a6790151daf96162528a07a8756023c85f
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:57:50 2022 +0100

    revoke: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 9d4d8c6779a1dc71d3c1678f3420b9e01e99f888
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:57:39 2022 +0100

    multiroot: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit df5893e91e4e72e08b0f824ba32b15644d134918
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:57:27 2022 +0100

    initca: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 62ebbe3726683f1716a55c92363f7eef043345f9
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:56:29 2022 +0100

    csr: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 31652f3d0c5cdea571d94e08123a34e69de1e7c9
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:56:10 2022 +0100

    crl: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 77a52e775f073de941b01388a9e7362da5ef1218
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:55:37 2022 +0100

    config: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 7c1b3588da2292c39966676b118cb72d3262fea5
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:55:24 2022 +0100

    certinfo: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 7025962aaa5975891ca0ef8d317f452d79c41922
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:55:07 2022 +0100

    certdb: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit c9e5b44932223adb111e354e2cc00af434228b54
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:54:25 2022 +0100

    whitelist: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 052932c167809da1e64de0d7e061e425164fff43
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 00:33:41 2022 +0100

    go.mod: github.com/matttproud/golang_protobuf_extensions v1.0.2

    adds go module support

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 3eb1f2940731045ef9e94e53582f3f880d7fa3bb
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 00:18:26 2022 +0100

    go.mod: golang.org/x/crypto v0.3.0

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 706ae75e7314493ef46bd278f6c4faed08f019b1
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 00:46:44 2022 +0100

    go.mod: golang.org/x/net v0.2.0

    the golang.org/x projects now tag releases.

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 1ddff47e3db73d5374c9c6e822b361153a06d461
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 00:09:20 2022 +0100

    go.mod: github.com/jmhodges/clock v1.2.0

    Adds go module support. No code changes in vendored files

    full diff: https://github.com/jmhodges/clock/compare/880ee4c33548...v1.2.0

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 59534b3c34eeea05e9d0ba22b3543b2312e6af91
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 00:04:56 2022 +0100

    go.mod: github.com/cloudflare/redoctober v0.0.0-20211013234631-6a74ccc611f6

    Adds go module support and drops various obsolete dependencies;

    full diff: https://github.com/cloudflare/redoctober/compare/99c99a8e7544...6a74ccc611f6

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 0cb76cee3fd9110af602ce9b5b930c0a7a056b29
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sat Nov 19 23:59:37 2022 +0100

    go.mod: github.com/google/certificate-transparency-go v1.1.4

    This version drops a great number of (indirect) dependencies

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 1c31e687d9b60adc5795aa107971584a2ecc2a7a
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 00:50:14 2022 +0100

    remove deprecated golint (golang.org/x/lint)

    CI is already using golangci-lint, which should cover whatever
    golint was still covering.

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit d90536d5434a63ac5e6552745848282619e4f43f
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 14:26:50 2022 +0100

    all: gofmt for go1.18 (fixes missing build-tags)

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit d7e9e5fab6848ab355aa01049626ea8dd03c260a
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:53:31 2022 +0100

    ubiquity: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 8bd4af2b3b90449b45f798a6ffaee31fc21881bc
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:49:48 2022 +0100

    transport: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 6a932bb7bf8ce68afc752af67d61804c7cedf739
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:49:30 2022 +0100

    scan: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 5b8919c197a03bc3f2651f9ca11fc19c5c22bdd1
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:49:03 2022 +0100

    ocsp: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit e7d48f1cd9f17db0ae4bab8e05b5b864bd0d685d
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:48:33 2022 +0100

    signer: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit b27c723cccb13f14dc6b3936415bdd7759ab930b
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:47:22 2022 +0100

    helpers: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit fc8619eae3f3734998c8dab9fe574dbd16ff1f50
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:47:00 2022 +0100

    cmd: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 45225c2f2246b8037f39b5af192f425db9d308ec
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:46:26 2022 +0100

    cli: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 6f34ba02802b99dddceccd9685cf764418b206d7
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:45:10 2022 +0100

    bundler: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 2bc4f21a8c8e8e559c9969acfd7f7f9b5a2c1c72
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:44:33 2022 +0100

    auth: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 941a1cde099d8ad7655d4239eb2e283c58591241
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 20 13:44:03 2022 +0100

    api: replace uses of deprecated io/ioutil

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 28c127eebf13a457da4048e8fa08200aa502c4c3
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sat Nov 19 23:55:03 2022 +0100

    go.mod: tidy and vendor with go1.18

    go1.17 and older are deprecated and no longer tested in CI

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit b553d93abe2c9749c86b3c375be43770b7c3b17e
Merge: 079aed0a 879b1d38
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon Nov 7 10:23:10 2022 -0800

    Merge pull request #1254 from thaJeztah/remove_go1.12_support

    helpers/derhelpers: remove support for go1.12

commit 879b1d38a56467eccd595812bbf8b2bc71f5d0ea
Author: Sebastiaan van Stijn <github@gone.nl>
Date:   Sun Nov 6 02:17:31 2022 +0100

    helpers/derhelpers: remove support for go1.12

    go1.12 has reached EOL when go1.14 was released in 2020, so it
    should be safe to remove now.

    Also removing uses of golang.org/x/crypto/ed25519, which is now part of stdlib:

        Beginning with Go 1.13, the functionality of this package was moved to the
        standard library as crypto/ed25519. This package only acts as a compatibility
        wrapper.

    This partially reverts e45ead24ff2d3a16f9c662d6f3b787176096049e / 81e54732c78bc0320d4f6061b9d27b441d8ff8f7

    Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

commit 079aed0a45c58d019740b4de1811e2116eae6866
Merge: d4be5f51 e0c522a3
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Oct 4 09:00:58 2022 -0700

    Merge pull request #1249 from cloudflare/nicky/new-db-accessor

    add db accessor to get unexpired certs by labels, add DB tests back to CI

commit e0c522a34cb793a4beb7a092112b57a1f913c75a
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon Oct 3 16:02:44 2022 -0700

    add test for GetUnexpiredCertificatesByLabel

commit a9a2c2e4be1a3f087451cf971a79fd76c0febbc8
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon Oct 3 15:09:18 2022 -0700

    add postgres and mysql tests back to CI

    resolves #1238

commit d4488a84e2595902f2b0bf2eaead2d9d3bd5fa83
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon Oct 3 13:54:55 2022 -0700

    add DB accessor to get unexpired certs by one or more labels

commit d4be5f51fd039a532d63f2bca4c6fb2551dfed58
Merge: 4e654dd0 d9b0432a
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Thu Sep 22 08:57:50 2022 -0700

    Merge pull request #1245 from sevan/patch-2

commit 4e654dd020506d64966159d2547040c4d72c0b03
Merge: ffddf3ab 97e7ff29
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Thu Sep 22 08:57:42 2022 -0700

    Merge pull request #1246 from sevan/patch-3

commit ffddf3ab3da7a094f546aad1a5f5d1fc431047e6
Merge: bba3a201 40209b17
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Thu Sep 22 08:57:32 2022 -0700

    Merge pull request #1244 from sevan/patch-1

commit 97e7ff29bc08fcc75006afe5238c17e9be300a1b
Author: Sevan Janiyan <venture37@geeklan.co.uk>
Date:   Fri Sep 2 00:19:34 2022 +0100

    doc/api/intro.txt: there are 13 endpoints

    sorte and document certinfo & revoke endpoints.

commit d9b0432a55b04f9189cd089678b41109fa07c000
Author: Sevan Janiyan <venture37@geeklan.co.uk>
Date:   Thu Sep 1 22:59:56 2022 +0100

    doc/cmd/multiroot.txt: Add dbconfig to example

    multirootca/config was moved to the root of the source directory.

commit 40209b175f798d3e3f282a731ba16de59ee9191b
Author: Sevan Janiyan <venture37@geeklan.co.uk>
Date:   Thu Sep 1 22:27:31 2022 +0100

    doc/cmd/cfssl.txt: grammar

commit bba3a2015ca4ad91f5b2c61c5876f0ecbfcb39bc
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Aug 26 11:51:10 2022 -0700

    update release make target to use go 1.18

commit cacf1702e49e95c402b3b041a1689965e784dadd
Merge: 81f1f19f 73645931
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Aug 24 10:57:20 2022 -0700

    Merge pull request #1241 from cloudflare/nicky/bump-crypto

    chore: bump golang.org/x/crypto

commit 81f1f19fe6c83482a0f86dc87b1596f62138c246
Merge: a3eea0c1 f1e6594a
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Aug 24 10:54:57 2022 -0700

    Merge pull request #1213 from akamac/patch-1

    add health endpoint to docs

commit 73645931e8ffcb9234a8dadba192fa83fc69c506
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Aug 24 10:51:19 2022 -0700

    chore: bump golang.org/x/crypto

    Resolves #1226

commit a3eea0c13300dd9c1d9110c208c2540325d0490b
Merge: 7614d6ca 23c92b07
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Aug 24 10:46:18 2022 -0700

    Merge pull request #1239 from cloudflare/nicky/add-gh-actions

    add github Actions to replace travis

commit 23c92b07d69cac29e39c04b34ae7727759fdf1fc
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Sun Jan 24 10:06:25 2021 -0800

    add github Actions to replace travis

    Travis hasn't been running for ~ 1 year, this adds some basic Actions tests so that there's some form of CI running
    * some certs have expired since, filed #1237 to handle fixing those
    * this doesn't quite have feature parity - namely missing the tests that run against the database. (filed #1238)

commit 7614d6cad35dd6d33c8c1fc2e2db5d9ce111e56b
Merge: 04def84a 33661a29
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Aug 19 10:34:05 2022 -0700

    Merge pull request #1236 from blotus/use-go-embed

    Replace go.rice with go embed

commit 33661a291000b3e21419f9418760304cec018015
Author: Sebastien Blot <sebastien@crowdsec.net>
Date:   Wed Aug 17 13:23:14 2022 +0200

    min go version is now 1.16

commit 3d2d3b520937be058f1f1b217f1947555be662da
Author: Sebastien Blot <sebastien@crowdsec.net>
Date:   Wed Aug 17 13:22:51 2022 +0200

    update Dockerfiles to use go 1.16

commit 33ed56286f3847949fc3607461c8351ba6bce804
Author: Sebastien Blot <sebastien@crowdsec.net>
Date:   Wed Aug 17 13:14:07 2022 +0200

    remove go.rice dependency

commit 9ca1d0a10e7414ea22c23b7b77153a6028c51a8a
Author: Sebastien Blot <sebastien@crowdsec.net>
Date:   Wed Aug 17 13:08:46 2022 +0200

    use go:embed

commit 04def84a58a0220d5adec64406b28a8e1ec6f716
Merge: e6502bb7 547d051e
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue May 24 10:41:16 2022 -1000

    Merge pull request #1231 from boranx/readme-go1.18-install

    docs: add go install

commit 547d051ee560db1e0459b9e24d48934f7fd03b63
Author: boranx <boran.seref@gmail.com>
Date:   Tue May 24 12:50:06 2022 +0200

    docs: add go install

commit e6502bb7ffe4ee576227c9123a101deda248884c
Merge: 503b4d7b 34ce3de5
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Jan 19 08:37:23 2022 -0800

    Merge pull request #1224 from romantomjak/master

commit 34ce3de5d5868b670f5bb224dc3e33875e1d5c7e
Author: Roman Tomjak <6570684+romantomjak@users.noreply.github.com>
Date:   Sun Jan 16 12:05:33 2022 +0000

    add support for m1 macs

commit f1e6594a1fa8e5d1873733aa84b4d5b0dcafb427
Author: Alexey Miasoedov <alexey.miasoedov@gmail.com>
Date:   Thu Dec 2 14:02:28 2021 +0300

    add health endpoint to docs

commit 503b4d7bdf090b00d20d67dcc1d129163c86d5c7
Merge: 29ae05fe a8591c38
Author: Watson Ladd <watson@cloudflare.com>
Date:   Wed Sep 15 14:32:28 2021 -0700

    Merge pull request #1205 from cloudflare/watson/fix-delegation-support

    Support for DelegationUsage extension

commit a8591c383218ee9869cbc152ebebf2502895cbdb
Author: Watson Ladd <watson@cloudflare.com>
Date:   Tue Sep 14 15:51:13 2021 -0700

    Support for DelegationUsage extension

    This special cases the DelegationUsage extension, copying it to the
    output when signing. It also adds support for a flag
    delegation_enabled in certificate specifications. I have manually
    confirmed this works.

commit 29ae05fe80e1a9c704ddad7002d90ade7a38cb29
Merge: f4208c64 e582ed4c
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Jul 14 15:06:11 2021 -0700

    Merge pull request #1189 from cloudflare/nicky/fix-coreos-mod-rename

commit f4208c6426fc943869353262c073f96a062ec0ef
Merge: 1f29b040 19c09ff6
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Thu Jun 17 12:50:52 2021 -0700

    Merge pull request #1195 from BowonY/bowon/avoid-select-all

commit 19c09ff6ad5a2a2625647dd993d4b742d8508b01
Author: Bowon Yang <bowon@cloudflare.com>
Date:   Thu Jun 17 12:09:53 2021 -0700

    pick columns to get revoked/unexpired certs

commit 1f29b040495c08c983351455acc957826d2e597f
Merge: 6dd12c2d 87f86f18
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon Jun 7 17:25:49 2021 -0700

    Merge pull request #1191 from Rutori/loglevel-multiroot-ca

commit 87f86f189b1fad65d1c08e9cee58e6983e27893f
Author: Rutori <saintmishin@gmail.com>
Date:   Mon May 24 17:28:13 2021 +0300

    Add loglevel flag for multiroot-ca

commit e582ed4cfff7e0875c8136fe00e790ca29b81450
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue May 11 15:46:31 2021 -0700

    remove -u flag from readme, link to releases

commit bea2d3db90fe13a9d4c220a9ef506a82af4b1b9f
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue May 11 10:32:00 2021 -0700

    remove old go versions from travis

commit b2552cabdf56f79fe67618bea930916d7ad47089
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Apr 2 15:38:55 2021 -0700

    fix upgrading transitive coreos dependency breakage

    The root of the problem is that the latest semver release of https://github.com/google/certificate-transparency-go is from 2018, and the etcd packages have been renamed since. For some reason the readme instructs the usage of `-u` with go get, so this upgrades that to the latest version, along with some other packages that are years out of date.

    more context at: https://github.com/etcd-io/etcd/issues/11749

    resolves #1142,
    resolves #1182
    resolves #1183
    resolves #1188

commit 00a28f6561cfaebeb8dd59c930137fb327088ae5
Author: Jonathan Wright <jon@than.io>
Date:   Sat May 8 18:20:40 2021 +0100

    Improve IPv6 address handling in ocspserve

    When setting an IPv6 address to listing on via the -address command-line
    argument for both serve and ocspserve, the latter errors with "listen
    tcp: address ::1:8889: too many colons in address" unless it is escaped.
    However, the former uses the net library to process the address and
    port, which results in the enforced escaping of IPv6 addresses
    regardless of if the address is already enclosed in square brackets
    (e.g. [::1]).

    This changes oscpserve to use the same net library call as serve to
    provide consistency between the two calls when handling IPv6 addresses.

commit 6dd12c2d4cf9471540566d3758ac744a4cdfd943
Merge: 0707dc7c 57d4044c
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Mar 26 10:14:02 2021 -0700

    Merge pull request #1157 from mayocream/patch-1

commit 0707dc7c7679d3d9b4e53f5b3193844df64b20cc
Merge: b1512a1f ea20c62e
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Mar 26 10:12:42 2021 -0700

    Merge pull request #1181 from myokoyama28/fix-certadd

commit ea20c62e8f777ba0de98fdf406016c2d71a1d98e
Author: myokoyama28 <bayokoyama43@gmail.com>
Date:   Tue Mar 23 15:26:37 2021 +0900

    fix lint errors

commit 6b41bfc832dbb3d4a4d226109e128396be7d6e31
Author: myokoyama28 <bayokoyama43@gmail.com>
Date:   Tue Mar 23 15:10:58 2021 +0900

    fix serve_test.go

commit 9af920455ab53a5b95c9e1fa46f447b45cc568c7
Author: myokoyama28 <bayokoyama43@gmail.com>
Date:   Tue Mar 23 13:53:47 2021 +0900

    make certadd available

commit b1512a1f2b696488459832cf5ec4ec3d59f4cd1b
Merge: 2215630d 9b27d0d8
Author: Max Nystrom <maxnystrom@users.noreply.github.com>
Date:   Wed Feb 24 17:57:51 2021 -0800

    Merge pull request #1172 from aklyachkin/master

    Support for E attribute (emailAddress) in CSR

commit 2215630d72a34603d912d2715f9c39e8a6c4328c
Merge: c6f04ed9 152fb8b0
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Feb 24 12:02:09 2021 -0800

    Merge pull request #1175 from chienfuchen32/patch-1

    Add http response close in client post function

commit 152fb8b0d7fb5c8d1fa7c29e81d308e008c0eee9
Author: 陳傑夫 <chienfuchen32@gmail.com>
Date:   Tue Feb 16 15:26:03 2021 +0800

    Add http response close in client post function

commit c6f04ed940e8ab5f52f583ac07cca9849f71a226
Merge: 6eb16407 84e7ff5e
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Feb 12 15:29:03 2021 -0800

    Merge pull request #1174 from nickysemenza/go-metrics-prometheus

    replace deprecated go-metrics with prometheus

commit 84e7ff5e1a6fc982b2627395acc520f192ec18f0
Author: Nicky Semenza <nicky@nickysemenza.com>
Date:   Tue Feb 9 17:53:04 2021 -0800

    chore(multirootca): replace deprecated go-metrics with prometheus

    This _is_ a breaking change.

commit 6eb1640765c7330eb7a67b4556ab5f12c6b9455e
Merge: 9f7129a6 f247e5be
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon Feb 8 17:31:41 2021 -0800

    Merge pull request #1173 from iguanesolutions/revoke_leak

    revoke: fix connection leak

commit f247e5be73a3b69ab9ba011c17c1e1b05a7b8c6a
Author: Benjamin Gustin <benjamin.gustin@iguanesolutions.com>
Date:   Mon Feb 8 13:27:32 2021 +0100

    revoke: fix connection leak

commit 9b27d0d80ebfdab86f3b54d64f194e726818d236
Author: aklyachkin <aklyachkin@gmail.com>
Date:   Mon Feb 8 13:17:54 2021 +0100

    support for E attribute in CSR

commit 9f7129a65ac028f14451258d860bf3efd3e63576
Merge: 57882e0a 5628e979
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon Feb 1 08:36:33 2021 -0800

    Merge pull request #1163 from akgmartin/master

commit 5628e979a3ac93446abc504656e4e15e2784bdef
Merge: 38b82406 b156a8c1
Author: akgmartin <andy@martin-robson.com>
Date:   Fri Jan 29 15:31:43 2021 -0600

    Merge pull request #1 from benbuzbee/benbuz/tests

    Fix tests and add OID test

commit b156a8c16c79634bdd2ea6795a1d75a8526b186e
Author: Ben Buzbee <bbuzbee@cloudflare.com>
Date:   Fri Jan 29 21:25:54 2021 +0000

    Fix tests and add OID test

commit 38b82406acc59d214d4d282d0dcb592a40770f52
Author: Andy Martin <amartin@cloudflare.com>
Date:   Thu Dec 31 10:55:56 2020 -0600

    Added support for general OID names in CSRs

commit 57882e0acfd6cd873edb826bfcf0505662a56ab0
Merge: 3cc617f2 1c752601
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Sun Jan 24 09:48:42 2021 -0800

    Merge pull request #1170 from qinghai5060/fixErrorCheck

    fix error check when check signature

commit 1c7526010688af74c36733d69dcccebd0c23c19e
Author: root <root@DESKTOP-HI73GJM.localdomain>
Date:   Sun Jan 24 20:22:24 2021 +0800

    fix error check when check signature

commit 3cc617f27de99f13068b41960b52a62015616e97
Merge: 23b638f5 7a59a7db
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Jan 12 09:10:30 2021 -0800

    Merge pull request #1164 from grongor/dont-use-default-http-client

    Allow users to use custom HTTP client

commit 7a59a7dbae656717661d880ecdb35990334cda8a
Author: Jakub Chábek <jakub.chabek@cdn77.com>
Date:   Tue Jan 5 12:17:44 2021 +0100

    Allow users to use custom HTTP client

commit 23b638f5a9370a5f13fb22f9d7b909f1bc0e0205
Merge: c75db4fe c90849d7
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Dec 22 11:28:16 2020 -0800

    Merge pull request #1160 from orangepizza/zlint_upgrade

commit c90849d7dc60036d73fb68f738f29eb54099c39e
Author: abnoeh <abnoeh@mail.com>
Date:   Tue Dec 22 16:08:53 2020 +0000

    update zlint to v3.0.0

commit c75db4fe0dff203f6291e149e1dbe253db30c18a
Merge: a538700a d103ea14
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Dec 11 13:42:20 2020 -0800

    Merge pull request #1156 from mayocream/master

    format json indent

commit 57d4044c66be4a8c7c22067db781352ed77644c7
Author: Han Huang <huanghan@corp-ci.com>
Date:   Wed Dec 9 17:59:16 2020 +0800

    trigger

commit 763faa7f5632a49d4d40eb2c282c33ad352e23a6
Author: 真夜 <35420264+mayocream@users.noreply.github.com>
Date:   Wed Dec 9 13:49:43 2020 +0800

    fix: cfssl provider support SAN URI

commit d103ea147140377e6179a8fd1a3d27ac3426c81c
Author: Mayo <mayocream39@yahoo.co.jp>
Date:   Mon Dec 7 13:45:42 2020 +0800

    format json indent

commit a538700acfbab2ae160df7c145207f0c3114e5d3
Merge: aebbc137 9f1ff979
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon Nov 23 08:25:44 2020 -0800

    Merge pull request #1151 from nagesh4193/master

    Add Power Support ppc64le

commit 9f1ff9797cd9d5a64b79dae69b93898365b9c7c9
Author: nagesh4193 <70690392+nagesh4193@users.noreply.github.com>
Date:   Mon Nov 23 12:43:41 2020 +0530

    Add Power Support ppc64le

commit aebbc137271af51055fb97ea77be67a1868a3d21
Merge: c1bf7b99 f712ad9e
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Nov 13 14:46:11 2020 -0800

    Merge pull request #1143 from nickysemenza/add-go-1.15

commit c1bf7b99b33c754afc837dc43d4619de162dee5f
Merge: 9ccff9a3 a22fd94a
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Nov 13 11:06:09 2020 -0800

    Merge pull request #1119 from jbampton/fix-spelling

    Fix spelling

commit f712ad9e454aec2d0ec40979fb3375bd71e67a2c
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Nov 13 10:00:24 2020 -0800

    copy over ca-bundle and int-bundle testdata from cloudflare/cfssl_trust

commit 9ccff9a3f5332b52a6103a3876bdc990be872163
Merge: 816bb927 7f460093
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Mon Nov 9 12:37:41 2020 -0800

    Merge pull request #1145 from AshleyPoole/ash/add-health-api-doc

    Add documentation for API health endpoint

commit 7f460093583f10da924467345a42f48af6f2438b
Author: Ashley Poole <git@ashleypoole.co.uk>
Date:   Sun Nov 8 12:16:12 2020 +0000

    Add documentation for API health endpoint

commit 5c037eb7f964ea31e38129ccefcc3039a65a838e
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Nov 6 15:56:45 2020 -0800

    chore: add go 1.15 to travis

commit 816bb92712c79b67d5eb4bf918ab1d3c67db111b
Merge: e905e919 6152bbbf
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Nov 4 16:19:59 2020 -0800

    Merge pull request #1141 from nickysemenza/add-docker-push

    add Docker Hub push to release make target

commit 6152bbbf41b60c5a7e204e48389365e5f4b3a0ad
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Nov 4 15:01:25 2020 -0800

    add Docker Hub push to release make target

commit e905e919f68e0214990a445928752ece41a86038
Merge: d6ad84ed a0fb6096
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Oct 21 10:35:54 2020 -0700

    Merge pull request #1137 from hugoboos/update-zlint

    Update dependency zlint to 2.2.1

commit d6ad84ed79e75c6be0dfc7a7e35fd26543df5f2c
Merge: 8fb54138 e8f9337d
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Oct 21 10:31:15 2020 -0700

    Merge pull request #1136 from nickysemenza/fix-null-commonname

    fix(certdb): allow reading other null columns (part 2 of #1135)

commit e8f9337d2c132653bedd6368b60a1a161a5d278c
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Oct 13 15:36:41 2020 -0700

    fix(certdb): allow reading other null columns (part 2 of #1135)

    This follows up #1135 to properly handle the case when columns written pre-migration have null values.

commit 8fb54138795b4030fb4e6d0183660f71aa4d764d
Merge: d1be3c20 34885de9
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Thu Oct 15 09:42:47 2020 -0700

    Merge pull request #1112 from RocketPuppy/patch-1

    Document revocation parameter formats

commit a0fb609621624e0a6b41bf649935fb9b24fe1499
Author: Hugo Stijns <hugo@boosboos.net>
Date:   Thu Oct 15 15:26:42 2020 +0200

    update dependency zlint to 2.2.1

commit d1be3c20dd38c5e1044919090461a6cc9aad5072
Merge: 8e907d36 c7426dff
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Oct 13 15:10:53 2020 -0700

    Merge pull request #1135 from nickysemenza/fix-null-commonname

    fix selecting rows created before migration introduced in #1126

commit c7426dffe46a00aaceaa0ef191ac56b9bb88df4f
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Tue Oct 13 14:36:51 2020 -0700

    fix(certdb): use `sql.NullString` for CertificateRecord.CommonName

    Rows inserted before the migration in #1126 will have the `common_name` set to NULL. This fixes selects for those rows.

commit 8e907d36f0663163058b9f9a102bdc471ce40d9a
Merge: 8090bcee 1b44b481
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Sep 25 14:46:16 2020 -0700

    Merge pull request #1132 from asayyah/master

    Fix race condition in revoke

commit 1b44b481724ef795de3ff08efabf8a7b29078c1d
Author: Ali Sayyah <asayyah@apple.com>
Date:   Fri Sep 25 10:55:04 2020 -0700

    Fix race condition in revoke

commit 8090bceefe6c9cc3b044197a8341bea2619d00a6
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Fri Sep 25 10:25:11 2020 -0700

    feat(authsign): store additional metadata/fields in `certdb` (#1126)

    This is a major change in that the included DB migrations *must* be run before the new version of `cfssl` is deployed.
    This allows for clients (i.e. https://github.com/cloudflare/certmgr) to send some additional optional fields to `/api/v1/cfssl/authsign` to be stored in `certdb`. It also starts saving SANs, common name, and NotBefore from the issued certificates so that they can be queried without having to parse the PEM.

commit 046b174bc41a3d0d6e5c56c6e62783c461ac5c00
Merge: ca392c0f beeced86
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Thu Sep 17 15:20:26 2020 -0700

    Merge pull request #1129 from mitalirawat/mitali/SECENG-8092

    Allowing CertificateRequest to take CRL url as input which can then be used on a cert

commit beeced861039dcb4f2f378ed9efcb8ac71e766e4
Author: Mitali Rawat <mitali@cloudflare.com>
Date:   Wed Sep 16 13:37:58 2020 -0700

    Allowing CSR to take CRL url as input which can then be used on a certificate

commit ca392c0f5e00b59ca8a5e1f5863c757495e7b08a
Merge: efd6a76c ff9470e2
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Sep 16 14:56:07 2020 -0700

    Merge pull request #1100 from gzzchh/patch-1

    typo fix of json

commit efd6a76c0b801ebf1baf1e198a986d20fa95a44b
Merge: 2916a1fa 1fb9b902
Author: Nicky Semenza <nicky@cloudflare.com>
Date:   Wed Sep 16 09:08:16 2020 -0700

    Merge pull request #1128 from huiyifyj/fix-typo

    Fix typo and go fmt this file

commit 1fb9b902d2323457031618a3ba50a75139680f0f
Author: huiyifyj <jxfengyijie@gmail.com>
Date:   Wed Sep 16 11:51:38 2020 +0800

    Fix typo and go fmt this file

commit a22fd94ab951d23c1f84195403ad443e14e22e6a
Author: John Bampton <jbampton@users.noreply.github.com>
Date:   Sat Jul 4 09:39:24 2020 +1000

    Fix spelling

commit 2916a1fa6bf37b6d7a672a9be7e734871e08039c
Merge: 6b49beae d3846318
Author: Ryan Carter <eiginn@users.noreply.github.com>
Date:   Wed Jun 10 16:32:06 2020 -0700

    Merge pull request #1111 from cpu/cpu-temp-fix-bundle-test

    bundler: temporarily remove `leafRSA3072` testcases.

commit 34885de9fe6d332f5aad675d582f3a1822a81e9d
Author: Daniel Wilson-Thomas <RocketPuppy@users.noreply.github.com>
Date:   Wed May 27 12:54:31 2020 -0400

    Document revocation parameter formats

commit d38463181f7363e3d4c4b046a031d0f4df4269db
Author: Daniel McCarney <daniel@binaryparadox.net>
Date:   Tue May 26 18:46:56 2020 -0400

    bundler: temporarily remove `leafRSA3072` testcases.

    The `leafRSA3072` test file, (`bundler/testdata/cfssl-leaf-rsa3072.pem`)
    expired and breaks tests. A proper fix would be to regenerate this test
    file but in the meantime removing the testcases fixes CI.

commit ff9470e2fbfe5a79d00088f88e67ea0b2b2c59d2
Author: CA_GA_64 <xjdzch@126.com>
Date:   Wed Apr 22 22:47:38 2020 +0800

    typo fix of json

commit 6b49beae21ff90a09aea3901741ef02b1057ee65
Author: DarkEdges <nirving.darkedges@darkedges.com>
Date:   Fri Mar 27 04:30:38 2020 +1100

    add copy_extensions configuration to local signer to allow  (#1082)

    * Added ability to copy Extensions from CSR

    * Added Profile to determine if the Signer should
    copy the extensions provided in the CSR across.

    * Added config test

    Co-authored-by: Nicholas Irving <nirving@darkedges.com>

commit f30ae6a1f0bacda4972528f0c5e70141cb658344
Author: Sofía Celi <claucece@users.noreply.github.com>
Date:   Thu Mar 26 11:27:25 2020 -0500

    Add go 1.14 to the CI (#1092)

    * Update mod

    * Include go 1.14 to CI

    * Update go to 1.14 in dockerfiles

commit abef926615f4d1d3afb7c3e6573158551ad7dd54
Author: Daniel McCarney <daniel@binaryparadox.net>
Date:   Tue Mar 24 18:52:41 2020 -0400

    local/signer: use zmap/zlint v2.0.0, add filtering. (#1080)

    This updates the CFSSL local signer ZLint pre-issuance linting
    integration to use v2.0.0.

    The existing signing profile configuration field "ignored_lints" is
    joined by a new field "ignored_lint_sources". This relies on features in
    the new 2.0.0 release and is useful for CAs that know certain classes of
    ZLint lints are never applicable (e.g. CABF EV guidelines, ETSI ESI,
    etc).

    Co-authored-by: Daniel <cpu@letsencrypt.org>

commit 7c8e5017d5eca62b5b635b5ed98daab18b0fca16
Author: Sofía Celi <claucece@users.noreply.github.com>
Date:   Mon Mar 23 16:05:07 2020 -0500

    Fix 'TestNewMutualTLSServer' test for go1.14 #1075 (#1091)

commit e9f28f7c74bf21d35565721a5eea349d35943398
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Wed Mar 18 09:08:55 2020 -0700

    Replace pkg.cfssl.org with 'Packages' tab (#1050)

commit 44db4a7efa5989a423b7cfe452e656706e7a985d
Author: Sven Sauleau <github@sauleau.com>
Date:   Wed Mar 18 04:12:00 2020 +0000

    Cloud_f_lare (#1070)

commit f1bc990b9d4c86ae0c859ddeaad355036ffeb57a
Author: Thomas <tosie@users.noreply.github.com>
Date:   Wed Mar 18 05:11:12 2020 +0100

    Updated github.com/lib/pq to v1.3.0 (#1086)

commit e45ead24ff2d3a16f9c662d6f3b787176096049e
Author: Daniel McCarney <daniel@binaryparadox.net>
Date:   Tue Mar 17 18:15:04 2020 -0400

    deps: update /x/crypto, fix Go 1.13 test breakage. (#1081)

    * deps: update /x/crypto to 8b5121be2f68

    * helpers/derhelpers: split Go 1.12/1.13 impls.

    When using modern `golang.org/x/crypto/ed25519` on Go 1.13 the `x`
    library is a small wrapper around the stdlib version. The helper
    function needs to match on the stdlib type in this case.

    To maintain backwards compat with Go 1.12 the helper code is split by
    a build tag. The legacy code can use the `golang.org/x/crypto/ed25519`
    import while the new code can use the `crypto/ed25519` import.

    Co-authored-by: Daniel <cpu@letsencrypt.org>

commit 10ed8daa8bb427c5ac7d133c1b449476e76c954d
Author: Sofía Celi <claucece@users.noreply.github.com>
Date:   Tue Mar 17 16:39:50 2020 -0500

    Correctly check for different golang versions #1076 (#1083)

commit 87a2fe70720844802207b55cd96f7fedc5d833ed
Author: Jon Moroney <darakian@gmail.com>
Date:   Tue Feb 11 10:39:10 2020 -0800

    Ignore EC parameters when parsing private keys

commit 644917271238216c94866f021e2b24ce54555848
Merge: 828c23c2 4468af66
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Tue Jan 21 12:38:48 2020 -0800

    Merge pull request #1073 from PeterLincsafe/master

    Fix readme still referencing deleted doc file

commit 4468af6609d0b0091c4f6340cbcdde341387e73f
Author: Peter Buijs <peter@lincsafe.com>
Date:   Tue Jan 21 13:18:01 2020 +0100

    Fix readme still referencing deleted doc file

commit 828c23c22cbca1f7632b9ba85174aaa26e745340
Merge: ebe01990 c7e13aec
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Mon Dec 16 20:41:24 2019 -0800

    Merge pull request #1065 from linux-on-ibm-z/test-s390x-pr

    Add s390x support

commit c7e13aec684d881e995107198807295de5bef239
Author: Prasanna Kelkar <Prasanna.Kelkar@ibm.com>
Date:   Fri Dec 6 10:32:35 2019 +0530

    Add support for s390x in travis.yml

commit ebe01990a23a309186790f4f8402eec68028f148
Merge: 358fd07c 69fa54a3
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Wed Nov 13 02:15:33 2019 -0800

    Merge pull request #1054 from dsix-work/musl-builds

    Build staticly with musl for better compatibility

commit 69fa54a3e275939077528092eb8b8a504d74088e
Author: David Six <david.six@flexential.com>
Date:   Mon Nov 11 13:06:08 2019 +0000

    Update goreleaser tag to musl version

commit 49924c4a02e6438269a5ef550953333daad898dd
Author: David Six <david.six@flexential.com>
Date:   Fri Nov 8 22:22:51 2019 +0000

    Build staticly with musl for better compatibility

commit 358fd07c64357b144621d8a700d67fdfbeb80899
Merge: 67aae946 acbed0af
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Wed Nov 6 11:14:45 2019 -0800

    Merge pull request #1052 from cloudflare/cbroglie/pkg-deb-rpm

    Add make targets for building .deb and .rpm packages

commit acbed0afe20f978880b83aaaaa70132d592c28fe
Author: Christopher Broglie <cbroglie@cloudflare.com>
Date:   Tue Nov 5 22:00:32 2019 -0800

    Add make targets for building .deb and .rpm packages

commit 67aae9466f3559ce0ae1c2450336ed84c0a3bb8e
Merge: d9af611a 1bfc9462
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Thu Oct 31 10:14:18 2019 -0700

    Merge pull request #966 from andrewheberle/patch-1

    Add missing sqlite import

commit d9af611a7824cabde35280a6f2964672650a96e7
Merge: 2318616c ce0e2949
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Thu Oct 31 09:32:35 2019 -0700

    Merge pull request #1048 from cloudflare/cbroglie/goreleaser

    Support building/releasing binaries with goreleaser

commit ce0e2949afe2b929ca966d6d5010690a75a6ca85
Author: Christopher Broglie <cbroglie@cloudflare.com>
Date:   Wed Oct 30 19:36:54 2019 -0700

    Support building/releasing binaries with goreleaser

    Since this project requires cgo, the builds are performed in a
    container which includes the MinGW compiler (for Windows) and an OSX
    SDK.

commit 2318616c6faa8ced58522e59bb2acaab30b8478d
Merge: 40f4f514 9f1008dd
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Wed Oct 30 15:11:19 2019 -0700

    Merge pull request #1047 from cloudflare/cbroglie/modules

    Migrate to Go modules

commit 9f1008ddb886243a959be9c66e048ed4e13be721
Author: Christopher Broglie <cbroglie@cloudflare.com>
Date:   Wed Oct 30 14:14:28 2019 -0700

    Drop the slow macOS build

    It takes forever in Travis, and we have enough folks developing on
    macOS so any regressions will be caught quickly.

commit ee731906980f0e89d124b8e56384733a1c6ed588
Author: Christopher Broglie <cbroglie@cloudflare.com>
Date:   Wed Oct 30 12:14:57 2019 -0700

    Migrate to Go modules

commit 40f4f514ff4fd6bf6fec99f1b25ec44dd1ad1241
Merge: 1a911ca1 ac360f21
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Mon Oct 28 13:23:25 2019 -0700

    Merge pull request #1044 from cloudflare/cbroglie/selfsign

    Fix bug causing selfsign to ignore the default profile

commit ac360f21638790fd6fd6cc5fa6b4b18fa79cbe45
Author: Christopher Broglie <cbroglie@cloudflare.com>
Date:   Mon Oct 28 11:31:33 2019 -0700

    Fix bug causing selfsign to ignore the default profile

commit 1a911ca1b1d6e899bf97dcfa4a14b38db0d31134
Merge: b1ec8c58 27c56f6c
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Wed Sep 11 15:19:28 2019 -0700

    Merge pull request #1030 from ashemedai/master

    Fix typo of genkey to gencsr

commit 27c56f6c15cc70d8f44ab6664f681e4b62664c66
Author: Jeroen Ruigrok van der Werven <asmodai@in-nomine.org>
Date:   Tue Aug 13 16:27:23 2019 +0200

    Fix typo of genkey to gencsr

commit b1ec8c586c2aa3ec3eaf4a622933f169cfa5648b
Merge: d4e85528 df5c37b0
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Wed Aug 7 18:16:37 2019 -0700

    Merge pull request #1025 from cpu/cpu-bump-zlint-dep

    Gopkg: update zlint/zcrypto to latest.

commit df5c37b0aa5db6a2bed60324f65f2bfc35f8d213
Author: Daniel <cpu@letsencrypt.org>
Date:   Wed Aug 7 14:23:19 2019 -0400

    review: fix local signer TestLint unit test.

    The upstream `zlint` project removed the `w_serial_number_low_entropy`
    lint and so the `TestLint` function needed to be updated accordingly.

commit aa3425363ca8eb49da2afe0601d049d6fb2ad929
Merge: db143166 d4e85528
Author: Daniel <cpu@letsencrypt.org>
Date:   Wed Aug 7 14:12:47 2019 -0400

    Merge remote-tracking branch 'cf/master' into cpu-bump-zlint-dep

commit d4e85528af85aba17223fcb2caf207d57293730a
Merge: 633726f6 0338350c
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Wed Aug 7 11:11:14 2019 -0700

    Merge pull request #1027 from cpu/cpu-go-one-dot-twelve-plus

    project: require Go 1.12.x

commit 0338350c7e690613d92816e7ef89e68e27171c0c
Author: Daniel <cpu@letsencrypt.org>
Date:   Wed Aug 7 13:43:58 2019 -0400

    project: require Go 1.12.x

    Dependencies are starting to require Go 1.12.x, Go 1.13 is near ready,
    and the project maintainers are comfortable dropping support for 1.11.x.

commit db1431664129eebf4d121e3889ff14445fc43701
Author: Daniel <cpu@letsencrypt.org>
Date:   Tue Aug 6 13:37:18 2019 -0400

    Gopkg: update zlint/zcrypto to latest.

    There was a slight bug with adding a `zlint.lints.LintStatus`
    field to the CFSSL signer config object: Prior to zlint commit 9971d62
    this type could only be marshaled to JSON, but not unmarshaled.

    As a result if you marshal a CFSSL config (with or without setting the
    new `LintErrLevel` field) then unmarshaling it produces an error like:

    ```
    Failed to create CA: {"code":5200,"message":"failed to unmarshal
    configuration: json: cannot unmarshal string into Go struct field
    SigningProfile.lint_error_level of type lints.LintStatus"}
    ```

    Updating to `github.com/zmap/zlint` >= 9971d62 resolves the problem.

commit 633726f6bcb7574626ae05ae72ca3c8dbc51810f
Merge: 5fc50ce7 c4ed0e46
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Thu Jul 25 17:06:31 2019 -0700

    Merge pull request #1022 from QuLogic/log-format

    Fix formatted logging calls.

commit c4ed0e46dc584377df6f18daee78ad37d4993bc8
Author: Elliott Sales de Andrade <quantum.analyst@gmail.com>
Date:   Thu Jul 25 19:47:42 2019 -0400

    Fix formatted logging calls.

    These pass format strings, but don't call the formatting version of the
    function.

commit 5fc50ce768d7c06f5dd84c7b5f83252ac05602c0
Merge: 6abac05f 2185c182
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Mon Jul 15 17:59:13 2019 -0700

    Merge pull request #1018 from cloudflare/cbroglie/1.3.4

    Release 1.3.4

commit 2185c182e6bad3bf99f55ca6f6af0027124c112d
Author: Christopher Broglie <cbroglie@cloudflare.com>
Date:   Mon Jul 15 17:42:20 2019 -0700

    Release 1.3.4

commit 6abac05fccc688161be1e75d48791d31e347aa1b
Merge: 2001f384 a4b817c6
Author: Chris Broglie <cbroglie@cloudflare.com>
Date:   Mon Jul 15 17:15:03 2019 -0700

    Merge pull request #1015 from cpu/cpu-add-a-lint-trap

    local signer: pre-issuance linting support with zlint.

commit a4b817c681805f0131a1728e27addad3c42c6cb8
Author: Daniel <cpu@letsencrypt.org>
Date:   Mon Jul 15 09:51:14 2019 -0400

    review: use lints.LintStatus, not int.

commit 0434ea05422c409cd0b3ab12bdc2ae0aa3b5adeb
Author: Daniel <cpu@letsencrypt.org>
Date:   Fri Jun 28 14:55:27 2019 -0400

    local: lint tbs certificates with zlint.

commit 66f7d5d783cff90dd1b3b8306bd5c5e920e59ef2
Author: Daniel <cpu@letsencrypt.org>
Date:   Fri Jun 28 12:42:27 2019 -0400

    local: generate lintPriv key when required by profiles.

commit 787a454ef67bf11b3fb2952e0115a0dacac44bd6
Author: Daniel <cpu@letsencrypt.org>
Date:   Fri Jun 28 12:28:27 2019 -0400

    config: populate an ignored lints map

commit f02ee2f1150405da0c202b0c8a7c1b61762c55cc
Author: Daniel <cpu@letsencrypt.org>
Date:   Fri Jun 28 11:46:13 2019 -0400

    config: add linting fields to signing profile config

commit 797ea50c6819e9fc3905007e03600b9c9c131a06
Author: Daniel <cpu@letsencrypt.org>
Date:   Fri Jun 28 11:03:15 2019 -0400

    dep: add and vendor github.com/zmap/zlint dependency.

commit 2001f384ec4fea8e6e648cd89d07bda9bd7568c1
Merge: 21cbcb0d acf90ad9
Autho…
  • Loading branch information
Somsak Meesangpetch committed Jun 1, 2023
1 parent 7414261 commit 4b2b3a0
Show file tree
Hide file tree
Showing 2 changed files with 190 additions and 80 deletions.
132 changes: 93 additions & 39 deletions csr/csr.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,11 @@ import (
"encoding/asn1"
"encoding/pem"
"errors"
"fmt"
"net"
"net/mail"
"net/url"
"strconv"
"strings"

cferr "github.com/cloudflare/cfssl/errors"
Expand All @@ -29,46 +32,40 @@ const (

// A Name contains the SubjectInfo fields.
type Name struct {
C string // Country
ST string // State
L string // Locality
O string // OrganisationName
OU string // OrganisationalUnitName
SerialNumber string
C string `json:"C,omitempty" yaml:"C,omitempty"` // Country
ST string `json:"ST,omitempty" yaml:"ST,omitempty"` // State
L string `json:"L,omitempty" yaml:"L,omitempty"` // Locality
O string `json:"O,omitempty" yaml:"O,omitempty"` // OrganisationName
OU string `json:"OU,omitempty" yaml:"OU,omitempty"` // OrganisationalUnitName
E string `json:"E,omitempty" yaml:"E,omitempty"`
SerialNumber string `json:"SerialNumber,omitempty" yaml:"SerialNumber,omitempty"`
OID map[string]string `json:"OID,omitempty", yaml:"OID,omitempty"`
}

// A KeyRequest is a generic request for a new key.
type KeyRequest interface {
Algo() string
Size() int
Generate() (crypto.PrivateKey, error)
SigAlgo() x509.SignatureAlgorithm
}

// A BasicKeyRequest contains the algorithm and key size for a new private key.
type BasicKeyRequest struct {
// A KeyRequest contains the algorithm and key size for a new private key.
type KeyRequest struct {
A string `json:"algo" yaml:"algo"`
S int `json:"size" yaml:"size"`
}

// NewBasicKeyRequest returns a default BasicKeyRequest.
func NewBasicKeyRequest() *BasicKeyRequest {
return &BasicKeyRequest{"ecdsa", curveP256}
// NewKeyRequest returns a default KeyRequest.
func NewKeyRequest() *KeyRequest {
return &KeyRequest{"ecdsa", curveP256}
}

// Algo returns the requested key algorithm represented as a string.
func (kr *BasicKeyRequest) Algo() string {
func (kr *KeyRequest) Algo() string {
return kr.A
}

// Size returns the requested key size.
func (kr *BasicKeyRequest) Size() int {
func (kr *KeyRequest) Size() int {
return kr.S
}

// Generate generates a key as specified in the request. Currently,
// only ECDSA and RSA are supported.
func (kr *BasicKeyRequest) Generate() (crypto.PrivateKey, error) {
func (kr *KeyRequest) Generate() (crypto.PrivateKey, error) {
log.Debugf("generate key from request: algo=%s, size=%d", kr.Algo(), kr.Size())
switch kr.Algo() {
case "rsa":
Expand Down Expand Up @@ -99,7 +96,7 @@ func (kr *BasicKeyRequest) Generate() (crypto.PrivateKey, error) {

// SigAlgo returns an appropriate X.509 signature algorithm given the
// key request's type and size.
func (kr *BasicKeyRequest) SigAlgo() x509.SignatureAlgorithm {
func (kr *KeyRequest) SigAlgo() x509.SignatureAlgorithm {
switch kr.Algo() {
case "rsa":
switch {
Expand Down Expand Up @@ -139,20 +136,22 @@ type CAConfig struct {
// A CertificateRequest encapsulates the API interface to the
// certificate request functionality.
type CertificateRequest struct {
CN string
Names []Name `json:"names" yaml:"names"`
Hosts []string `json:"hosts" yaml:"hosts"`
KeyRequest KeyRequest `json:"key,omitempty" yaml:"key,omitempty"`
CA *CAConfig `json:"ca,omitempty" yaml:"ca,omitempty"`
SerialNumber string `json:"serialnumber,omitempty" yaml:"serialnumber,omitempty"`
Extensions []pkix.Extension `json:"extensions,omitempty" yaml:"extensions,omitempty"`
CN string `json:"CN" yaml:"CN"`
Names []Name `json:"names" yaml:"names"`
Hosts []string `json:"hosts" yaml:"hosts"`
KeyRequest *KeyRequest `json:"key,omitempty" yaml:"key,omitempty"`
CA *CAConfig `json:"ca,omitempty" yaml:"ca,omitempty"`
SerialNumber string `json:"serialnumber,omitempty" yaml:"serialnumber,omitempty"`
DelegationEnabled bool `json:"delegation_enabled,omitempty" yaml:"delegation_enabled,omitempty"`
Extensions []pkix.Extension `json:"extensions,omitempty" yaml:"extensions,omitempty"`
CRL string `json:"crl_url,omitempty" yaml:"crl_url,omitempty"`
}

// New returns a new, empty CertificateRequest with a
// BasicKeyRequest.
// KeyRequest.
func New() *CertificateRequest {
return &CertificateRequest{
KeyRequest: NewBasicKeyRequest(),
KeyRequest: NewKeyRequest(),
}
}

Expand All @@ -163,8 +162,25 @@ func appendIf(s string, a *[]string) {
}
}

// OIDFromString creates an ASN1 ObjectIdentifier from its string representation
func OIDFromString(s string) (asn1.ObjectIdentifier, error) {
var oid []int
parts := strings.Split(s, ".")
if len(parts) < 1 {
return oid, fmt.Errorf("invalid OID string: %s", s)
}
for _, p := range parts {
i, err := strconv.Atoi(p)
if err != nil {
return nil, fmt.Errorf("invalid OID part %s", p)
}
oid = append(oid, i)
}
return oid, nil
}

// Name returns the PKIX name for the request.
func (cr *CertificateRequest) Name() pkix.Name {
func (cr *CertificateRequest) Name() (pkix.Name, error) {
var name pkix.Name
name.CommonName = cr.CN

Expand All @@ -174,9 +190,19 @@ func (cr *CertificateRequest) Name() pkix.Name {
appendIf(n.L, &name.Locality)
appendIf(n.O, &name.Organization)
appendIf(n.OU, &name.OrganizationalUnit)
for k, v := range n.OID {
oid, err := OIDFromString(k)
if err != nil {
return name, err
}
name.ExtraNames = append(name.ExtraNames, pkix.AttributeTypeAndValue{Type: oid, Value: v})
}
if n.E != "" {
name.ExtraNames = append(name.ExtraNames, pkix.AttributeTypeAndValue{Type: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}, Value: n.E})
}
}
name.SerialNumber = cr.SerialNumber
return name
return name, nil
}

// BasicConstraints CSR information RFC 5280, 4.2.1.9
Expand All @@ -194,7 +220,7 @@ type BasicConstraints struct {
func ParseRequest(req *CertificateRequest) (csr, key []byte, err error) {
log.Info("received CSR")
if req.KeyRequest == nil {
req.KeyRequest = NewBasicKeyRequest()
req.KeyRequest = NewKeyRequest()
}

log.Infof("generating key: %s-%d", req.KeyRequest.Algo(), req.KeyRequest.Size())
Expand Down Expand Up @@ -269,14 +295,17 @@ func getHosts(cert *x509.Certificate) []string {
for _, email := range cert.EmailAddresses {
hosts = append(hosts, email)
}
for _, uri := range cert.URIs {
hosts = append(hosts, uri.String())
}

return hosts
}

// getNames returns an array of Names from the certificate
// It onnly cares about Country, Organization, OrganizationalUnit, Locality, Province
// It only cares about Country, Organization, OrganizationalUnit, Locality, Province
func getNames(sub pkix.Name) []Name {
// anonymous func for finding the max of a list of interger
// anonymous func for finding the max of a list of integer
max := func(v1 int, vn ...int) (max int) {
max = v1
for i := 0; i < len(vn); i++ {
Expand Down Expand Up @@ -370,8 +399,13 @@ func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err erro
return nil, cferr.New(cferr.PrivateKeyError, cferr.Unavailable)
}

subj, err := req.Name()
if err != nil {
return nil, err
}

var tpl = x509.CertificateRequest{
Subject: req.Name(),
Subject: subj,
SignatureAlgorithm: sigAlgo,
}

Expand All @@ -380,11 +414,15 @@ func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err erro
tpl.IPAddresses = append(tpl.IPAddresses, ip)
} else if email, err := mail.ParseAddress(req.Hosts[i]); err == nil && email != nil {
tpl.EmailAddresses = append(tpl.EmailAddresses, email.Address)
} else if uri, err := url.ParseRequestURI(req.Hosts[i]); err == nil && uri != nil {
tpl.URIs = append(tpl.URIs, uri)
} else {
tpl.DNSNames = append(tpl.DNSNames, req.Hosts[i])
}
}

tpl.ExtraExtensions = []pkix.Extension{}

if req.CA != nil {
err = appendCAInfoToCSR(req.CA, &tpl)
if err != nil {
Expand All @@ -393,8 +431,16 @@ func Generate(priv crypto.Signer, req *CertificateRequest) (csr []byte, err erro
}
}

if req.DelegationEnabled {
tpl.ExtraExtensions = append(tpl.Extensions, helpers.DelegationExtension)
}

if req.Extensions != nil {
tpl.ExtraExtensions = append(tpl.ExtraExtensions, req.Extensions...)
err = appendExtensionsToCSR(req.Extensions, &tpl)
if err != nil {
err = cferr.Wrap(cferr.CSRError, cferr.GenerationFailed, err)
return
}
}

csr, err = x509.CreateCertificateRequest(rand.Reader, &tpl, priv)
Expand Down Expand Up @@ -433,3 +479,11 @@ func appendCAInfoToCSR(reqConf *CAConfig, csr *x509.CertificateRequest) error {

return nil
}

// appendCAInfoToCSR appends user-defined extension to a CSR
func appendExtensionsToCSR(extensions []pkix.Extension, csr *x509.CertificateRequest) error {
for _, extension := range extensions {
csr.ExtraExtensions = append(csr.ExtraExtensions, extension)
}
return nil
}
Loading

0 comments on commit 4b2b3a0

Please sign in to comment.