-
-
Notifications
You must be signed in to change notification settings - Fork 585
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Store and check previously denied CSRs #185
Conversation
…checking, added AddDeniedCSR to ra.NewCertificate
I think storing whole CSRs is the wrong approach. I think we to store a list of DNS names, possibly with some extra metadata. Otherwise you could avoid the list by changing some unimportant part of the CSR. Also one thing I didn't notice until re-reading the relevant CPS part is that this denied list is only necessary for revocations or denials "due to suspected phishing or other fraud." So we still need the table, but it can be pretty small. |
Ready for re-review. Not too sure about my method for passing a bool in |
@rolandshoemaker I don't think there's anything in golang you can do to make that cleaner, except to marshal to/from JSON. I'm fine with it as-is, or we can write a tiny marshalBool unmarshalBool function pair to be cleaner. |
Oh, and LGTM, ready to commit when you are @rolandshoemaker |
If we start passing more bools via RPC it'll make sense to write a function pair but for now i'm okay leaving it as-is... |
Store and check previously denied CSRs
Build failures merged to master:
|
Add missing mock method to fix build for PR #185.
Fix for #101, I plan to add
RA
tests tomorrow.