Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Identify issuer on revocation (#16763)
* Identify issuer on revocation When we attempt to revoke a leaf certificate, we already parse all of the issuers within the mount (to x509.Certificate) to ensure we don't accidentally revoke an issuer via the leaf revocation endpoint. We can reuse this information to associate the issuer (via issuer/subject comparison and signature checking) to the revoked cert in its revocation info. This will help OCSP, avoiding the case where the OCSP handler needs to associate a certificate to its issuer. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add test to ensure issuers are identified Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
- Loading branch information
Showing
2 changed files
with
83 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters