The ocsp-responder takes a path to a certificate file as one of its config values. It uses this path as one of the inputs when constructing its DBSource, the object responsible for querying the database for pregenerated OCSP responses to fulfill requests. However, this certificate file is not necessary to query the database; rather, it only acts as a filter: OCSP requests whose IssuerKeyHash does not match the hash of the loaded certificate are rejected outright, without querying the DB. In addition, there is currently only support for a single certificate file in the config. This change adds support for multiple issuer certificate files in the config, and refactors the pre-database filtering of bad OCSP requests into a helper object dedicated solely to that purpose.

Fixes #5119
||
|---|---|---|
| testdata | ||
| akamai_purger_drain_queue_test.go | ||
| authz_test.go | ||
| caa_test.go | ||
| common_mock.go | ||
| common_test.go | ||
| errors_test.go | ||
| ocsp_test.go | ||
| orphan_finder_test.go | ||
| revocation_test.go | ||
| wfe_test.go | ||