letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix new CRL IDP construction to avoid double slash (#7402)

This commit is contained in:
Aaron Gable 2024-04-01 12:55:30 -07:00 committed by GitHub
parent bce14e56f6
commit 28bf76e4ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
issuance/crl.go
View File

@ -84,7 +84,9 @@ func (i *Issuer) IssueCRL(prof *CRLProfile, req *CRLRequest) ([]byte, error) {
var idps []string
if i.crlURLBase != "" {
idps = append(idps, fmt.Sprintf("%s/%d.crl", i.crlURLBase, req.Shard))
// Concat the base with the shard directly, since we require that the base
// end with a single trailing slash.
idps = append(idps, fmt.Sprintf("%s%d.crl", i.crlURLBase, req.Shard))
}
if req.DeprecatedIDPBaseURL != "" {
// TODO(#7296): Remove this fallback once CCADB and all non-expired certs

6
issuance/crl_test.go
View File

@ -10,6 +10,7 @@ import (
"github.com/zmap/zlint/v3/lint"
"github.com/letsencrypt/boulder/config"
"github.com/letsencrypt/boulder/crl/idp"
"github.com/letsencrypt/boulder/test"
)
@ -139,6 +140,11 @@ func TestIssueCRL(t *testing.T) {
test.AssertEquals(t, parsedRes.NextUpdate, expectUpdate)
test.AssertEquals(t, len(parsedRes.Extensions), 3)
idps, err := idp.GetIDPURIs(parsedRes.Extensions)
test.AssertNotError(t, err, "getting IDP URIs from test CRL")
test.AssertEquals(t, idps[0], "http://crl-url.example.org/100.crl")
test.AssertEquals(t, idps[1], "http://old.crl.url/0/100.crl")
req = defaultRequest
req.DeprecatedIDPBaseURL = ""
issuer.crlURLBase = ""