boulder/linter/lints/rfc
Jacob Hoffman-Andrews 97828d82db
ca: Create "OmitOCSP" profile config option (#8103)
Add a new config field for profiles which causes the profile to omit the
AIA OCSP URI. It can only be omitted if the CRLDP extension is
configured to be included instead. Enable this flag in config-next.

When a certificate is revoked, if it does not have an AIA OCSP URI,
don't bother with an Akamai OCSP purge.

Builds on #8089

Most of the changes in this PR relate to tests. Different from #8089, I
chose to keep testing of OCSP in the config-next world. This is because
we intend to keep operating OCSP even after we have stopped including it
in new certificates. So we should test it in as many environments as
possible.

Adds a WithURLFallback option to ocsp_helper. When
`ocsp_helper.ReqDer()` is called for a certificate with no OCSP URI, it
will query the fallback URL instead. As before, if the certificate has
an OCSP URI ocsp_helper will use that. Use that for all places in the
integration tests that call ocsp_helper.
2025-04-09 11:46:58 -07:00
..
testdata Use zlint to check our CRLs (#6972) 2023-07-11 15:39:05 -07:00
lint_cert_via_pkimetal.go ca: Create "OmitOCSP" profile config option (#8103) 2025-04-09 11:46:58 -07:00
lint_crl_has_aki.go Use zlint to check our CRLs (#6972) 2023-07-11 15:39:05 -07:00
lint_crl_has_aki_test.go Use zlint to check our CRLs (#6972) 2023-07-11 15:39:05 -07:00
lint_crl_has_issuer_name.go Use zlint to check our CRLs (#6972) 2023-07-11 15:39:05 -07:00
lint_crl_has_issuer_name_test.go Use zlint to check our CRLs (#6972) 2023-07-11 15:39:05 -07:00
lint_crl_has_number.go Use zlint to check our CRLs (#6972) 2023-07-11 15:39:05 -07:00
lint_crl_has_number_test.go Use zlint to check our CRLs (#6972) 2023-07-11 15:39:05 -07:00
lint_crl_has_valid_timestamps.go Use zlint to check our CRLs (#6972) 2023-07-11 15:39:05 -07:00
lint_crl_has_valid_timestamps_test.go Use zlint to check our CRLs (#6972) 2023-07-11 15:39:05 -07:00
lint_crl_no_empty_revoked_certificates_list.go Unfork crl x509 (#7078) 2023-09-15 20:25:13 -07:00
lint_crl_no_empty_revoked_certificates_list_test.go Use zlint to check our CRLs (#6972) 2023-07-11 15:39:05 -07:00
lint_crl_via_pkimetal.go Use PKIMetal to lint CRLs in CI (#8061) 2025-03-14 16:28:56 -07:00