boulder

History

Aaron Gable c0e31f9a4f Add integration test for when CRL entries are removed (#8084 ) We already have an integration test showing that a serial does not show up on any CRL before its certificate has been revoked, and does show up afterwards. Extend that test to cover three new times: - shortly before the certificate expires, when the entry must still appear; - shortly after the certificate expires, when the entry must still appear; and - significantly after the certificate expires, when the entry may be removed. To facilitate this, augment the s3-test-srv with a new reset endpoint, so that the integration test can query the contents of only the most-recently-generated set of CRLs. I have confirmed that the new integration test fails with https://github.com/letsencrypt/boulder/pull/8072 reverted. Fixes https://github.com/letsencrypt/boulder/issues/8083	2025-03-31 09:07:41 -07:00
..
main.go	Add integration test for when CRL entries are removed (#8084 )	2025-03-31 09:07:41 -07:00

Add integration test for when CRL entries are removed (#8084 )

We already have an integration test showing that a serial does not show
up on any CRL before its certificate has been revoked, and does show up
afterwards. Extend that test to cover three new times:
- shortly before the certificate expires, when the entry must still
appear;
- shortly after the certificate expires, when the entry must still
appear; and
- significantly after the certificate expires, when the entry may be
removed.

To facilitate this, augment the s3-test-srv with a new reset endpoint,
so that the integration test can query the contents of only the
most-recently-generated set of CRLs.

I have confirmed that the new integration test fails with
https://github.com/letsencrypt/boulder/pull/8072 reverted.

Fixes https://github.com/letsencrypt/boulder/issues/8083

2025-03-31 09:07:41 -07:00

main.go

Add integration test for when CRL entries are removed (#8084 )

2025-03-31 09:07:41 -07:00