boulder

History

Aaron Gable 0f0c3e1432 Add issuer label to ocsp_filter_responses metric (#7546 ) Add a new "issuer" label to the ocsp-responder's ocsp_filter_responses metric. This allows the count of responses served by ocsp-responder to be broken down by which intermediate issued the certificate (and OCSP response) in question. This approach has the benefit of being minimal. The filterSource is the only place within ocsp-responder that actually has knowledge of which intermediate issued the certificate/ocsp response. The HTTP-handling code above filterSource and the other redis and live-signing sources below filterSource have no knowledge of the set of issuing intermediates. They operate solely on the serial, because we guarantee that our serials are unique across all issuers. So adding the metric label here means that we don't have to make any other ocsp-responder code aware of the issuers. However, this approach has the cost of being somewhat surprising. Every source has a `counter` metric with a "result" label; adding this "issuer" label makes the filterSource's metric unique. Fixes https://github.com/letsencrypt/boulder/issues/7538	2024-06-14 09:39:32 -07:00
..
responder	Add issuer label to ocsp_filter_responses metric (#7546 )	2024-06-14 09:39:32 -07:00
test	ocsp/responder: update Redis source to use live signing (#6207 )	2022-07-18 10:47:14 -07:00

Add issuer label to ocsp_filter_responses metric (#7546 )

Add a new "issuer" label to the ocsp-responder's ocsp_filter_responses
metric. This allows the count of responses served by ocsp-responder to
be broken down by which intermediate issued the certificate (and OCSP
response) in question.

This approach has the benefit of being minimal. The filterSource is the
only place within ocsp-responder that actually has knowledge of which
intermediate issued the certificate/ocsp response. The HTTP-handling
code above filterSource and the other redis and live-signing sources
below filterSource have no knowledge of the set of issuing
intermediates. They operate solely on the serial, because we guarantee
that our serials are unique across all issuers. So adding the metric
label here means that we don't have to make any other ocsp-responder
code aware of the issuers.

However, this approach has the cost of being somewhat surprising. Every
source has a `counter` metric with a "result" label; adding this
"issuer" label makes the filterSource's metric unique.

Fixes https://github.com/letsencrypt/boulder/issues/7538

2024-06-14 09:39:32 -07:00

responder

Add issuer label to ocsp_filter_responses metric (#7546 )

2024-06-14 09:39:32 -07:00

test

ocsp/responder: update Redis source to use live signing (#6207 )

2022-07-18 10:47:14 -07:00