Move the parseCRLs() method from package 'authorize/evaluator' to
'pkg/cryptutil', replacing the existing DecodeCRL() method. This method
will parse all CRLs found in the PEM input, rather than just the first.
(This removes our usage of the deprecated method x509.ParseDERCRL.)
Update this method to return an error if there is non-PEM data found in
the input, to satisfy the existing test that raw DER-encoded CRLs are
not permitted.
Delete the CRLFromBase64() and CRLFromFile() methods, as these are no
longer used.
* envoyconfig: add virtual host domains for certificates in addition to routes
* Update pkg/cryptutil/certificates.go
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* Update pkg/cryptutil/tls.go
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* comments
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* envoy: check certificates for must-staple flag and drop them if they are missing the response
* Update config/envoyconfig/tls_test.go
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
