alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

remove incorrect check on revoked certificate dates, add mutex lock for generating CRLs,

Browse source
This commit is contained in:
Raal Goff 2022-09-15 15:03:42 +08:00
parent 4e19aa4c52
commit 40baf73dff
3 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
authority/authority.go
View file

@ -71,6 +71,7 @@ type Authority struct {
// CRL vars // CRL vars
crlTicker *time.Ticker crlTicker *time.Ticker
crlMutex sync.Mutex
// Do not re-initialize // Do not re-initialize
initOnce bool initOnce bool

3
authority/tls.go
View file

@ -637,6 +637,9 @@ func (a *Authority) GenerateCertificateRevocationList() error {
return errors.Errorf("CA does not support CRL Generation") return errors.Errorf("CA does not support CRL Generation")
} }
a.crlMutex.Lock() // use a mutex to ensure only one CRL is generated at a time to avoid concurrency issues
defer a.crlMutex.Unlock()
crlInfo, err := crlDB.GetCRL() crlInfo, err := crlDB.GetCRL()
if err != nil { if err != nil {
return errors.Wrap(err, "could not retrieve CRL from database") return errors.Wrap(err, "could not retrieve CRL from database")

2
db/db.go
View file

@ -255,7 +255,7 @@ func (db *DB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error) {
return nil, err return nil, err
} }
if !data.RevokedAt.IsZero() && data.RevokedAt.After(now) { if !data.RevokedAt.IsZero() {
revokedCerts = append(revokedCerts, data) revokedCerts = append(revokedCerts, data)
} else if data.RevokedAt.IsZero() { } else if data.RevokedAt.IsZero() {
cert, err := db.GetCertificate(data.Serial) cert, err := db.GetCertificate(data.Serial)