Move the parseCRLs() method from package 'authorize/evaluator' to
'pkg/cryptutil', replacing the existing DecodeCRL() method. This method
will parse all CRLs found in the PEM input, rather than just the first.
(This removes our usage of the deprecated method x509.ParseDERCRL.)
Update this method to return an error if there is non-PEM data found in
the input, to satisfy the existing test that raw DER-encoded CRLs are
not permitted.
Delete the CRLFromBase64() and CRLFromFile() methods, as these are no
longer used.
* envoyconfig: add virtual host domains for certificates in addition to routes
* Update pkg/cryptutil/certificates.go
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* Update pkg/cryptutil/tls.go
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
* comments
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
- gofumpt everything
- fix TLS MinVersion to be at least 1.2
- add octal syntax
- remove newlines
- fix potential decompression bomb in ecjson
- remove implicit memory aliasing in for loops.
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
