ocsp-updater should expire responses that are in the CDN on cert revocation #733

Closed
jmhodges opened this issue Sep 2, 2015 · 1 comment

Comments

@jmhodges
Contributor

jmhodges commented Sep 2, 2015

Currently, the ocsp-updater just flips some bits in the database. However, it should also toss the OCSP responses from the CDN.

This has repercussions for the ca.RevokeCertificate flow which currently believes (or, well, is supposed to believe but apparently that's another bug) it can update CertificateStatus.OCSPLatestUpdate itself without talking to anyone else.

But the ocsp-updater looks at just that OCSPLatestUpdate field to determine if it needs to do work, like CDN expiration.
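The interaction described in this issue, sketched as an added example (not Boulder's code and not part of the original post): when revocation refreshes `OCSPLatestUpdate` itself, an updater that selects work by that timestamp alone never purges the cached "good" response. Only the `OCSPLatestUpdate` field name comes from the issue; the `PurgePending` marker, the function names, the serial and the 72-hour window are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// CertificateStatus is a simplified model; only OCSPLatestUpdate is named on the page.
type CertificateStatus struct {
	Serial           string
	Revoked          bool
	OCSPLatestUpdate time.Time
	PurgePending     bool // assumption: explicit marker, not a field the issue mentions
}

// revokeAndTouch models the flow in the issue: revocation refreshes the timestamp itself.
func revokeAndTouch(cs *CertificateStatus, now time.Time) {
	cs.Revoked, cs.OCSPLatestUpdate = true, now
}

// revokeAndMark also leaves a marker so the updater still sees pending work.
func revokeAndMark(cs *CertificateStatus, now time.Time) {
	cs.Revoked, cs.OCSPLatestUpdate, cs.PurgePending = true, now, true
}

// updaterTick returns the serials whose cached responses it would purge from the CDN.
func updaterTick(rows []*CertificateStatus, now time.Time, maxAge time.Duration) []string {
	var purged []string
	for _, cs := range rows {
		stale := now.Sub(cs.OCSPLatestUpdate) > maxAge
		if !stale && !cs.PurgePending {
			continue // a fresh timestamp alone hides a just-revoked certificate
		}
		purged = append(purged, cs.Serial) // the CDN purge call would go here
		cs.OCSPLatestUpdate, cs.PurgePending = now, false
	}
	return purged
}

// purgedAfter revokes a freshly signed certificate (constructed sample) and runs one tick.
func purgedAfter(revoke func(*CertificateStatus, time.Time)) []string {
	t0 := time.Date(2015, 9, 2, 12, 0, 0, 0, time.UTC)
	cs := &CertificateStatus{Serial: "00aa-constructed", OCSPLatestUpdate: t0}
	revoke(cs, t0.Add(time.Hour))
	return updaterTick([]*CertificateStatus{cs}, t0.Add(2*time.Hour), 72*time.Hour)
}

func main() {
	fmt.Println("touch only:", purgedAfter(revokeAndTouch))
	fmt.Println("with marker:", purgedAfter(revokeAndMark))
}
```

With the timestamp-only flow the revoked certificate is skipped until its response ages out, which is the window in which the CDN keeps serving the pre-revocation answer.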
