remove incorrect check on revoked certificate dates, add mutex lock for generating CRLs,

Raal Goff 2022-09-15 15:03:42 +08:00
parent 4e19aa4c52
commit 40baf73dff
3 changed files with 5 additions and 1 deletions


@ -71,6 +71,7 @@ type Authority struct {
// CRL vars
crlTicker *time.Ticker
crlMutex sync.Mutex
// Do not re-initialize
initOnce bool
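Review bot: The new `crlMutex` field carries no comment saying what it protects; the `// CRL vars` grouping is the only hint. I would document it on the field, for example `crlMutex sync.Mutex // serialises GenerateCertificateRevocationList`. Because Authority now holds a sync.Mutex by value, the struct must not be copied after first use. The method shown on this page uses a pointer receiver, and `go vet`'s copylocks check would flag a by-value copy elsewhere.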


@ -637,6 +637,9 @@ func (a *Authority) GenerateCertificateRevocationList() error {
return errors.Errorf("CA does not support CRL Generation")
}
a.crlMutex.Lock() // use a mutex to ensure only one CRL is generated at a time to avoid concurrency issues
defer a.crlMutex.Unlock()
crlInfo, err := crlDB.GetCRL()
if err != nil {
return errors.Wrap(err, "could not retrieve CRL from database")
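Review bot: The lock taken at `a.crlMutex.Lock()` is held across `crlDB.GetCRL()` and, because of the `defer`, across everything else in the function, so a slow or stalled database call blocks every other caller that wants to regenerate the CRL. That is probably acceptable for correctness, but it deserves to be stated, and the trailing comment "to avoid concurrency issues" does not say which race is being closed. I would move the comment onto its own line and name the invariant, e.g. `// Serialise CRL generation: reading the current CRL and storing its successor must not interleave with another run.` The function body continues outside the hunk, so whether any other path writes the CRL without taking this mutex cannot be confirmed from here.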


@ -255,7 +255,7 @@ func (db *DB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error) {
return nil, err
}
if !data.RevokedAt.IsZero() && data.RevokedAt.After(now) {
if !data.RevokedAt.IsZero() {
revokedCerts = append(revokedCerts, data)
} else if data.RevokedAt.IsZero() {
cert, err := db.GetCertificate(data.Serial)
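Review bot: With `After(now)` dropped, the `else if data.RevokedAt.IsZero()` condition is always true when it is reached and can be a plain `} else {`. If `now` was used only by the removed comparison it is now an unused variable, which Go rejects at compile time; its declaration is outside the hunk, so this is worth confirming. The old condition kept only entries whose `RevokedAt` lay in the future, so entries with a past revocation time were skipped by both branches. No test accompanies the fix on this page, and a regression test asserting that such an entry is returned would pin the behaviour. The else branch continues outside the hunk.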