Address OCSP client caching issue #25986

Merged
merged 3 commits into from Mar 18, 2024

stevendpclark (Contributor) commented Mar 15, 2024

  • The OCSP cache built into the client that is used by cert-auth would cache the responses but when pulling out a cached value the response wasn't validating properly and was then thrown away. So effectively we were operating with no cache.

  • The issue was around a confusion of the client's internal status vs the Go SDK OCSP status integer values.

 - The OCSP cache built into the client that is used by cert-auth
   would cache the responses but when pulling out a cached value the
   response wasn't validating properly and was then thrown away.

 - The issue was around a confusion of the client's internal status
   vs the Go SDK OCSP status integer values.

 - Add a test that validates the cache is now used

stevendpclark added the bug, auth/cert, backport/1.14.x, backport/1.15.x and backport/1.16.x labels Mar 15, 2024
stevendpclark added this to the 1.14.11 milestone Mar 15, 2024
stevendpclark self-assigned this Mar 15, 2024
stevendpclark requested a review from a team as a code owner March 15, 2024 22:24
github-actions bot added the hashicorp-contributed-pr label Mar 15, 2024

github-actions bot commented Mar 15, 2024

CI Results:
All Go tests succeeded! ✅

github-actions bot commented Mar 15, 2024

Build Results:
All builds succeeded! ✅

sgmiller (Collaborator) left a comment

lgtm!

 - Remove the previous lookup before revocation as now the OCSP
   cache works so we don't see the new revocation as we are actually
   leveraging the cache

stevendpclark force-pushed the stevendpclark/vault-24947-fix-ocsp-cache branch from 77fe1c9 to 802f867 March 18, 2024 18:51
stevendpclark enabled auto-merge (squash) March 18, 2024 19:05
stevendpclark merged commit 94d4223 into main Mar 18, 2024
78 checks passed
stevendpclark deleted the stevendpclark/vault-24947-fix-ocsp-cache branch March 18, 2024 19:11
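
An added illustration (not Vault's code) of the status-code mix-up named in the PR description: a cached entry holds the Go SDK status integer but is validated against a client-internal constant, so every cached entry is discarded. The `internalStatus` values, `cachedResp` and the helper names are hypothetical; only the SDK values 0 and 1 are real.

```go
package main

import (
	"fmt"
	"time"
)

// Integer values as defined in golang.org/x/crypto/ocsp (Good, Revoked).
const sdkGood, sdkRevoked = 0, 1

// Hypothetical client-internal status codes on a different scale (assumption).
type internalStatus int
const (
	statusGood internalStatus = iota + 10
	statusRevoked
)

// toInternal is the translation step the buggy path skips.
var toInternal = map[int]internalStatus{sdkGood: statusGood, sdkRevoked: statusRevoked}
type cachedResp struct {
	sdkStatus  int       // status as stored from the parsed OCSP response
	nextUpdate time.Time // entry is stale after this
}

// validBuggy compares an SDK integer against an internal constant: never true for a real SDK value.
func validBuggy(r cachedResp, now time.Time) bool {
	return now.Before(r.nextUpdate) && internalStatus(r.sdkStatus) == statusGood
}

// validFixed translates to the internal scale first; unmapped values are rejected.
func validFixed(r cachedResp, now time.Time) bool {
	_, known := toInternal[r.sdkStatus]
	return known && now.Before(r.nextUpdate)
}

// countFetches runs n lookups of one certificate and returns responder round trips.
func countFetches(n int, valid func(cachedResp, time.Time) bool) int {
	now, fetches := time.Now(), 0
	var cache *cachedResp
	for i := 0; i < n; i++ {
		if cache == nil || !valid(*cache, now) {
			fetches++ // miss, or cached entry discarded: ask the responder again
			cache = &cachedResp{sdkGood, now.Add(time.Hour)}
		}
	}
	return fetches
}

func main() {
	fmt.Println("buggy:", countFetches(5, validBuggy), "fixed:", countFetches(5, validFixed))
}
```

Counting responder round trips, as `countFetches` does, is the kind of check that catches a cache that stores entries but never serves them. Once the cache is effective, a revocation issued after an entry is cached is not seen until that entry expires, which the later commit message on this page notes.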
2 participants