0a22f83c0b
Completely refactor the way we organize our code related to OCSP. - Move it all into one `//ocsp/` package, rather than having multiple top-level packages. - Merge the OCSP updater's config sub-package with its parent (since it isn't necessary to break it out to avoid cyclic imports). - Remove all `Source` logic from ocsp-responder's `main.go`, because it was difficult to mentally trace the control flow there. - Replace that logic with a set of composable `Source`s in the `//ocsp/responder/` package, each of which is good at just one thing. - Update the way the filters work to make sure that the request's `IssuerKeyHash` and the response's `ResponderName` can both be derived from the same issuer certificate, ensuring that the req and resp are correctly matched. - Split the metrics into a separate metric for each `Source`, so we can tell what all of them are doing, not just aggregate behavior. - Split the tests into individual files for each `Source`, and update them for the new public interfaces. |
||
|---|---|---|
| .. | ||
| LICENSE | ||
| ocsp.req | ||
| ocsp.resp | ||
| resp64.pem | ||
| response.der | ||
| response_broken.pem | ||
| response_mix.pem | ||
| test-ca.der.pem | ||