Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
CA struct {
cmd.ServiceConfig
cmd.HostnamePolicyConfig
GRPCCA *cmd.GRPCServerConfig
SAService *cmd.GRPCClientConfig
SCTService *cmd.GRPCClientConfig
// Issuance contains all information necessary to load and initialize issuers.
Issuance struct {
// The name of the certificate profile to use if one wasn't provided
// by the RA during NewOrder and Finalize requests. Must match a
// configured certificate profile or boulder-ca will fail to start.
//
// Deprecated: set the defaultProfileName in the RA config instead.
DefaultCertificateProfileName string `validate:"omitempty,alphanum,min=1,max=32"`
// One of the profile names must match the value of ra.defaultProfileName
// or large amounts of issuance will fail.
CertProfiles map[string]issuance.ProfileConfig `validate:"required,dive,keys,alphanum,min=1,max=32,endkeys"`
// TODO(#7159): Make this required once all live configs are using it.
CRLProfile issuance.CRLProfileConfig `validate:"-"`
Issuers []issuance.IssuerConfig `validate:"min=1,dive"`
}
// What digits we should prepend to serials after randomly generating them.
// Deprecated: Use SerialPrefixHex instead.
SerialPrefix int `validate:"required_without=SerialPrefixHex,omitempty,min=1,max=127"`
// SerialPrefixHex is the hex string to prepend to serials after randomly
// generating them. The minimum value is "01" to ensure that at least
// one bit in the prefix byte is set. The maximum value is "7f" to
// ensure that the first bit in the prefix byte is not set. The validate
// library cannot enforce mix/max values on strings, so that is done in
// NewCertificateAuthorityImpl.
//
// TODO(#7213): Replace `required_without` with `required` when SerialPrefix is removed.
SerialPrefixHex string `validate:"required_without=SerialPrefix,omitempty,hexadecimal,len=2"`
// MaxNames is the maximum number of subjectAltNames in a single cert.
// The value supplied MUST be greater than 0 and no more than 100. These
// limits are per section 7.1 of our combined CP/CPS, under "DV-SSL
// Subscriber Certificate". The value must match the RA and WFE
// configurations.
MaxNames int `validate:"required,min=1,max=100"`
// GoodKey is an embedded config stanza for the goodkey library.
GoodKey goodkey.Config
// Maximum length (in bytes) of a line documenting the signing of a CRL.
// The name is a carryover from when this config was shared between both
// OCSP and CRL audit log emission. Recommended to be around 4000.
OCSPLogMaxLength int
// CTLogListFile is the path to a JSON file on disk containing the set of
// all logs trusted by Chrome. The file must match the v3 log list schema:
// https://www.gstatic.com/ct/log_list/v3/log_list_schema.json
CTLogListFile string
// CTIncludeTestLogs allows logs marked as "test" to be included in the
// CT log list used for linting. This should be enabled in environments
// configured to submit SCTs to test logs.
CTIncludeTestLogs bool
// DisableCertService causes the CertificateAuthority gRPC service to not
// start, preventing any certificates or precertificates from being issued.
DisableCertService bool
// DisableCRLService causes the CRLGenerator gRPC service to not start,
// preventing any CRLs from being issued.
DisableCRLService bool
Features features.Config
}
PA cmd.PAConfig
Syslog cmd.SyslogConfig
OpenTelemetry cmd.OpenTelemetryConfig
}
Source Files
Click to show internal directories.
Click to hide internal directories.