forked from TrueCloudLab/certificates
remove incorrect check on revoked certificate dates, add mutex lock for generating CRLs,
This commit is contained in:
parent
4e19aa4c52
commit
40baf73dff
3 changed files with 5 additions and 1 deletions
|
@ -71,6 +71,7 @@ type Authority struct {
|
|||
|
||||
// CRL vars
|
||||
crlTicker *time.Ticker
|
||||
crlMutex sync.Mutex
|
||||
|
||||
// Do not re-initialize
|
||||
initOnce bool
|
||||
|
|
|
@ -637,6 +637,9 @@ func (a *Authority) GenerateCertificateRevocationList() error {
|
|||
return errors.Errorf("CA does not support CRL Generation")
|
||||
}
|
||||
|
||||
a.crlMutex.Lock() // use a mutex to ensure only one CRL is generated at a time to avoid concurrency issues
|
||||
defer a.crlMutex.Unlock()
|
||||
|
||||
crlInfo, err := crlDB.GetCRL()
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "could not retrieve CRL from database")
|
||||
|
|
2
db/db.go
2
db/db.go
|
@ -255,7 +255,7 @@ func (db *DB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
if !data.RevokedAt.IsZero() && data.RevokedAt.After(now) {
|
||||
if !data.RevokedAt.IsZero() {
|
||||
revokedCerts = append(revokedCerts, data)
|
||||
} else if data.RevokedAt.IsZero() {
|
||||
cert, err := db.GetCertificate(data.Serial)
|
||||
|
|
Loading…
Reference in a new issue