letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crl: Improve crlNumber and thisUpdate comparison (#8037) 

Fixes https://github.com/letsencrypt/boulder/issues/8036
This commit is contained in:
Aaron Gable 2025-03-06 10:01:03 -06:00 committed by GitHub
parent a00821ada6
commit 1a3f898e7e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crl/checker/checker.go
View File

@ -59,11 +59,11 @@ func Diff(old, new *x509.RevocationList) (*diffResult, error) {
return nil, fmt.Errorf("CRLs were not issued by same issuer") return nil, fmt.Errorf("CRLs were not issued by same issuer")
} }
if !old.ThisUpdate.Before(new.ThisUpdate) { if old.Number.Cmp(new.Number) >= 0 {
return nil, fmt.Errorf("old CRL does not precede new CRL") return nil, fmt.Errorf("old CRL does not precede new CRL")
} }
if old.Number.Cmp(new.Number) >= 0 { if new.ThisUpdate.Before(old.ThisUpdate) {
return nil, fmt.Errorf("old CRL does not precede new CRL") return nil, fmt.Errorf("old CRL does not precede new CRL")
} }