3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-01 18:33:19 +02:00
Code Issues Projects Releases Packages Wiki Activity

cryptutil: update CRL parsing (#4454)

Browse source 
Move the parseCRLs() method from package 'authorize/evaluator' to
'pkg/cryptutil', replacing the existing DecodeCRL() method. This method
will parse all CRLs found in the PEM input, rather than just the first.

(This removes our usage of the deprecated method x509.ParseDERCRL.)

Update this method to return an error if there is non-PEM data found in
the input, to satisfy the existing test that raw DER-encoded CRLs are
not permitted.

Delete the CRLFromBase64() and CRLFromFile() methods, as these are no
longer used.
This commit is contained in:
Kenneth Jenkins 2023-08-11 08:33:22 -07:00 committed by GitHub
parent ed9a93fe5b
commit cc1ef1ae18
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 29 additions and 91 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config/mtls_test.go
View file

@ -131,7 +131,7 @@ func TestDownstreamMTLSSettingsValidate(t *testing.T) {
{"both CRL and CRL file", DownstreamMTLSSettings{CRL: "CRL", CRLFile: "CRLFile"},
"cannot set both crl and crl_file"},
{"bad CRL", DownstreamMTLSSettings{CRL: "dGhpc2lzZmluZQo="},
"CRL: cryptutil: invalid crl, no X509 CRL block found"},
"CRL: cryptutil: non-PEM data in CRL bundle"},
{"bad CRL file", DownstreamMTLSSettings{CRLFile: "-"},
"CRL file: open -: no such file or directory"},
{"bad enforcement mode", DownstreamMTLSSettings{Enforcement: "whatever"},