-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
generate_nmc_cert: rebase against Go 1.8.3 standard library. #54
generate_nmc_cert: rebase against Go 1.8.3 standard library. #54
Conversation
…iting merges from upstream Go stdlib substantially easier.
Note that I'm NACKing the |
In Go stdlib, RSA2048 is used by default. RSA support was removed in our fork, but we neglected to set a default ECDSA curve, so the user had to choose a curve. P256 is recommended by the Go devs and by us, so it seems to be a reasonable default.
This is because following its recommendations would produce unnecessary noise in the diff against upstream.
No idea why the last 2 Travis builds stalled out; triggered a rebuild on Travis in the hope that it was a temporary issue that's fixed now. |
Ready for review, I think it's mergeable. (I've verified that the cert rehydrates to the same DER encoding as the original; I haven't actually tried putting the generated cert+key into Nginx or anything like that.) |
Please remove commented code. |
@hlandau The commented code is deliberate; it makes it more straightforward to rebase against future Go versions. Given that I'm the one who will probably be doing those future rebases, I request that the commented code stay intact. |
@hlandau Is this okay to merge? |
This is for the same reason that gofmt is disabled.
ACK 986772b |
986772b generate_nmc_cert: disable goimports linter. (JeremyRand) fb709df generate_nmc_cert: Use more standard imports order. (JeremyRand) cee2b18 generate_nmc_cert: Disable gofmt linter. (JeremyRand) fca636d generate_nmc_cert: Use P256 curve by default. (JeremyRand) 7263b7a generate_nmc_cert: split falsehost into its own file, which makes auditing merges from upstream Go stdlib substantially easier. (JeremyRand) deea55b generate_nmc_cert: rebase against Go 1.8.3 standard library. (JeremyRand) Pull request description: ~~Not yet tested; feel free to review/test but do not merge.~~ Ready for review, I think it's mergeable. Tree-SHA512: 18fab3d3a335f742d021f6b516681a4e3cc2320443b647d12c52bb3726d8e3c2281e2314ab4014b934eaa93329feb891e02768ff5059acf8bce587f7b901b29a
9496034 Travis: disable gofmt linter. (JeremyRand) 99cb7d9 Travis: enable goimports static analyzer as critical. (JeremyRand) Pull request description: Depends on #54 and #77 . Should be mergeable after those are merged, assuming Travis passes at that point. Tree-SHA512: 174fc0d5b0bd5734703d4e97d04d70389883071fec41436ef6a93b543e449032db8faab2ab0a3b287a3c180504e3a2e64d446c613cc4643016c90e13a4744c7a
Not yet tested; feel free to review/test but do not merge.Ready for review, I think it's mergeable.