In the process of writing https://github.com/letsencrypt/boulder/pull/7533 I discovered that the method for detecting pkcs11.Error errors is broken: it attempts to unwrap the returned error into a pointer-to-a-pointer type, which doesn't work because only `pkcs11.Error` implements the Error interface, while `*pkcs11.Error` does not. Add a test which shows that the current noteSignError implementation is broken. Then fix noteSignError and the two locations which duplicate that code by removing the extra layer of indirection. And since the same code exists in three locations, refactor how the caImpl, ocspImpl, and crlImpl share metrics so that it only has to exist in one place. A minimal reproduction case of this type of breakage can be seen here: https://go.dev/play/p/qCLDQ1SFiWu |
||
|---|---|---|
| .. | ||
| proto | ||
| testdata | ||
| ca.go | ||
| ca_test.go | ||
| crl.go | ||
| crl_test.go | ||
| ecdsa_allow_list.go | ||
| ecdsa_allow_list_test.go | ||
| ocsp.go | ||
| ocsp_test.go | ||
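
The mismatch described in the commit message above, as an added example that is not taken from Boulder or from the linked playground. `hsmError`, `sign`, `detectBroken` and `detectFixed` are hypothetical stand-ins for `pkcs11.Error` and the detection code, and the error code is a constructed sample value.

```go
package main

import (
	"errors"
	"fmt"
)

// hsmError is a hypothetical stand-in for a numeric error type such as
// pkcs11.Error: a named integer with a value-receiver Error method.
type hsmError uint

func (e hsmError) Error() string { return fmt.Sprintf("hsm: 0x%X", uint(e)) }

// sign is a constructed signer that fails with a wrapped hsmError value.
func sign() error {
	return fmt.Errorf("failed to sign: %w", hsmError(0x30))
}

// detectBroken hands errors.As a pointer to a pointer, so it can only match
// a *hsmError in the chain. The chain holds an hsmError value, so this
// returns false and any metric keyed on it is never incremented.
func detectBroken(err error) bool {
	var target *hsmError
	return errors.As(err, &target)
}

// detectFixed removes the extra layer of indirection: the target has the
// same type as the value that was actually returned and wrapped.
func detectFixed(err error) (hsmError, bool) {
	var target hsmError
	ok := errors.As(err, &target)
	return target, ok
}

func main() {
	err := sign()
	fmt.Println("pointer target matches:", detectBroken(err))
	code, ok := detectFixed(err)
	fmt.Println("value target matches:", ok, "code:", uint(code))
}
```

Both functions compile and run without error, so only a test that feeds a real wrapped error through the detection path exposes the silent miss.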