Bump CFSSL

[dperny]

to the tune of "There Was and Old Lady Who Swallowed a Fly"

There was a go update that broke the build
I don't know why it broke the build
I am not thrilled

There was go update that bumped certificate-transparency
How about that errancy, bump certifcate-transparency
It bumped certificate transparency to fix the build
I don't know why it broke the build
I am not thrilled

There was a go update that bumped cfssl
Vendoring hell, CFSSL.
It bumped CFSSL to fix certificate-transparency
How about that errancy, bump certificate-transparency
It bumped certificate transparency to fix the build
I don't know why it broke the build
I am not thrilled.

There was a go update that bumped golang.org/x/crypto
What is this limbo, breaking golang.org/x/crypto
It bumped golang/x/crypto to fix CFSSL
It bumped CFSSL to fix certificate-transparency
How about that errancy, bump certificate-transparency
It bumped certificate transparency to fix the build
I don't know why it broke the build
I am not thrilled.

A change in golang 1.10 broke github.com/google/certificate-transparency on OSX, which needed to be bumped. But github.com/google/certificate-transparency got changed to github.com/google/certificate-transparency-go, which means we needed to bump github.com/cloudlflare/cfssl (which depends on certificate-transparency). However, bumping CFSSL added a dependency on a newer version of golang.org/x/crypto, so I bumped that too.

This will probably also require bumping all of the relevant vendoring downstream as well.

/cc @thaJeztah

[dperny]

Also /cc @cyli, because I do not know what affect this update has on cryptoland.

[cyli]

+1 for lyrics

I think these changes were also in https://github.com/docker/swarmkit/pull/2631/files#diff-4061fcef378a6d912e14e2ce162a1995. I'm happy to merge this separately though as this will make that PR a bit smaller, and that PR is blocked on some GRPC changes we need to make to our code anyway.

Tests locally pass in go 1.10.x. LGTM pending CI.

A lot of the updates to CFSSL were updates to their vendoring, building, etc. pipeline, updates to correspond to new versions of go, etc. There were some CLI changes, and some fixes for OCSP which we do not use.

As for golang/x/crypto - the changes that affect us are mainly nacl/secretbox/salsa20 and were comments and an out of bounds fix

[codecov]

Codecov Report

Merging #2644 into master will decrease coverage by 0.02%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #2644      +/-   ##
==========================================
- Coverage   61.96%   61.93%   -0.03%     
==========================================
  Files         134      134              
  Lines       21823    21823              
==========================================
- Hits        13522    13517       -5     
+ Misses       6856     6851       -5     
- Partials     1445     1455      +10

[thaJeztah]

LGTM if CI is happy

Thanks for the lyrics 🤘