Move the CRL issuance logic -- building an x509.RevocationList template, populating it with correctly-built extensions, linting it, and actually signing it -- out of the //ca package and into the //issuance package. This means that the CA's CRL code no longer needs to be able to reach inside the issuance package to access its issuers and certificates (and those fields will be able to be made private after the same is done for OCSP issuance).

Additionally, improve the configuration of CRL issuance, create additional checks on CRL's ThisUpdate and NextUpdate fields, and make it possible for a CRL to contain two IssuingDistributionPoint URIs so that we can migrate to shorter addresses.

IN-10045 tracks the corresponding production changes.

Fixes https://github.com/letsencrypt/boulder/issues/7159
Part of https://github.com/letsencrypt/boulder/issues/7296
Part of https://github.com/letsencrypt/boulder/issues/7294
Part of https://github.com/letsencrypt/boulder/issues/7094
Part of https://github.com/letsencrypt/boulder/issues/7100

| File |
|---|
| checker.go |
| checker_test.go |