letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
boulder/cmd/ocsp-updater
History
Daniel McCarney ab26662fc8
ocsp-updater: fix generateResponse for precerts w/o certs (#4468) 
Since 9906c93217 when
`features.PrecertificateOCSP` is enabled it is possible for there to be
`certificateStatus` rows that correspond to `precertificates` that do not have
a matching final `certificates` row. This happens in the case where we began
serving OCSP for a precert and weren't able to issue a final certificate.

Prior to the fix in this branch when the `ocsp-updater` would find stale OCSP
responses by querying the `certificateStatus` table it would error in
`generateResponse` when it couldn't find a matching `certificates` row. This
branch updates the logic so that when `features.PrecertificateOCSP` is enabled
it will also try finding the ocsp update DER from the `precertificates` table
when there is no matching serial in the `certificates` table.
 		2019-10-07 13:11:31 -04:00
..
main.go ocsp-updater: fix generateResponse for precerts w/o certs (#4468) 2019-10-07 13:11:31 -04:00
main_test.go ocsp-updater: fix generateResponse for precerts w/o certs (#4468) 2019-10-07 13:11:31 -04:00
test-cert-b.pem core/util: ValidSerial should return false if the serial is not 32 or 36 (#3712) 2018-05-24 15:31:06 -04:00
test-cert.pem core/util: ValidSerial should return false if the serial is not 32 or 36 (#3712) 2018-05-24 15:31:06 -04:00