From 49571bbde7b5ff4cc7db8f1d347cb34df70a8c87 Mon Sep 17 00:00:00 2001 From: Arjan H Date: Sat, 4 Mar 2023 13:58:24 +0100 Subject: [PATCH] Bump boulder version to c33c3c83 2023-03-03 --- install | 2 +- mail-tester.go | 3 ++- patches/bad-key-revoker_main.patch | 18 ++++++++--------- patches/boulder-va_main.patch | 6 +++--- patches/cert-checker_main.patch | 24 +++++++++++------------ patches/config_expiration-mailer.patch | 6 +++--- patches/config_ocsp-responder.patch | 27 ++++++++++++++++++++++++-- patches/config_ra.patch | 2 +- patches/docker-compose-redis.patch | 12 ++++++------ patches/docker-compose.patch | 20 ++++++++----------- patches/errors_errors.patch | 4 ++-- patches/expiration-mailer_main.patch | 20 +++++++++---------- patches/ocsp-responder_main.patch | 6 +++--- patches/ra_ra.patch | 6 +++--- patches/ratelimit_rate-limits.patch | 8 ++++---- patches/test_config_ca_a.patch | 2 +- patches/test_config_ca_b.patch | 2 +- 17 files changed, 93 insertions(+), 75 deletions(-) diff --git a/install b/install index 7a6770d..ffd736d 100755 --- a/install +++ b/install @@ -24,7 +24,7 @@ dockerComposeVersion="v2.5.0" labcaUrl="https://github.com/hakwerk/labca/" boulderUrl="https://github.com/letsencrypt/boulder/" -boulderTag="release-2023-02-13a" +boulderTag="c33c3c83" # Feature flags flag_skip_redis=true diff --git a/mail-tester.go b/mail-tester.go index eaf6583..6843532 100644 --- a/mail-tester.go +++ b/mail-tester.go @@ -9,6 +9,7 @@ import ( "github.com/letsencrypt/boulder/bdns" "github.com/letsencrypt/boulder/cmd" + bconfig "github.com/letsencrypt/boulder/config" "github.com/letsencrypt/boulder/features" bmail "github.com/letsencrypt/boulder/mail" ) @@ -40,7 +41,7 @@ type config struct { // Path to a text/template email template EmailTemplate string - Frequency cmd.ConfigDuration + Frequency bconfig.Duration TLS cmd.TLSConfig SAService *cmd.GRPCClientConfig diff --git a/patches/bad-key-revoker_main.patch b/patches/bad-key-revoker_main.patch index 9e8ec47..e34c4ea 100644 --- a/patches/bad-key-revoker_main.patch +++ b/patches/bad-key-revoker_main.patch @@ -1,16 +1,16 @@ diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go -index 8a199ca1..8e14561c 100644 +index b0b85495..9a21445c 100644 --- a/cmd/bad-key-revoker/main.go +++ b/cmd/bad-key-revoker/main.go -@@ -14,6 +14,7 @@ import ( +@@ -19,6 +19,7 @@ import ( + "google.golang.org/grpc" + "google.golang.org/protobuf/types/known/emptypb" - "github.com/honeycombio/beeline-go" - "github.com/jmhodges/clock" + "github.com/letsencrypt/boulder/bdns" "github.com/letsencrypt/boulder/cmd" + "github.com/letsencrypt/boulder/config" "github.com/letsencrypt/boulder/core" - "github.com/letsencrypt/boulder/db" -@@ -390,6 +391,9 @@ type Config struct { +@@ -393,6 +394,9 @@ type Config struct { TLS cmd.TLSConfig RAService *cmd.GRPCClientConfig @@ -20,7 +20,7 @@ index 8a199ca1..8e14561c 100644 // MaximumRevocations specifies the maximum number of certificates associated with // a key hash that bad-key-revoker will attempt to revoke. If the number of certificates // is higher than MaximumRevocations bad-key-revoker will error out and refuse to -@@ -423,6 +427,12 @@ type Config struct { +@@ -426,6 +430,12 @@ type Config struct { Syslog cmd.SyslogConfig Beeline cmd.BeelineConfig @@ -33,7 +33,7 @@ index 8a199ca1..8e14561c 100644 } func main() { -@@ -459,6 +469,32 @@ func main() { +@@ -462,6 +472,32 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA") rac := rapb.NewRegistrationAuthorityClient(conn) @@ -66,7 +66,7 @@ index 8a199ca1..8e14561c 100644 var smtpRoots *x509.CertPool if config.BadKeyRevoker.Mailer.SMTPTrustedRootFile != "" { pem, err := os.ReadFile(config.BadKeyRevoker.Mailer.SMTPTrustedRootFile) -@@ -480,6 +516,7 @@ func main() { +@@ -483,6 +519,7 @@ func main() { config.BadKeyRevoker.Mailer.Username, smtpPassword, smtpRoots, diff --git a/patches/boulder-va_main.patch b/patches/boulder-va_main.patch index cc6a34e..76df065 100644 --- a/patches/boulder-va_main.patch +++ b/patches/boulder-va_main.patch @@ -1,8 +1,8 @@ diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go -index cd6342bc..bb6f0074 100644 +index 905e1aec..39ce5e6b 100644 --- a/cmd/boulder-va/main.go +++ b/cmd/boulder-va/main.go -@@ -33,8 +33,10 @@ type Config struct { +@@ -25,8 +25,10 @@ type Config struct { // The number of times to try a DNS query (that has a temporary error) // before giving up. May be short-circuited by deadlines. A zero value // will be turned into 1. @@ -15,7 +15,7 @@ index cd6342bc..bb6f0074 100644 DNSTimeout string DNSAllowLoopbackAddresses bool -@@ -102,11 +104,13 @@ func main() { +@@ -98,11 +100,13 @@ func main() { clk := cmd.Clock() var servers bdns.ServerProvider diff --git a/patches/cert-checker_main.patch b/patches/cert-checker_main.patch index 13a8183..af5a760 100644 --- a/patches/cert-checker_main.patch +++ b/patches/cert-checker_main.patch @@ -1,8 +1,8 @@ diff --git a/cmd/cert-checker/main.go b/cmd/cert-checker/main.go -index 340c5629..0dc0389a 100644 +index cbc4f2e4..ec054876 100644 --- a/cmd/cert-checker/main.go +++ b/cmd/cert-checker/main.go -@@ -100,6 +100,7 @@ type certChecker struct { +@@ -101,6 +101,7 @@ type certChecker struct { checkPeriod time.Duration acceptableValidityDurations map[time.Duration]bool logger blog.Logger @@ -10,7 +10,7 @@ index 340c5629..0dc0389a 100644 } func newChecker(saDbMap certDB, -@@ -109,6 +110,7 @@ func newChecker(saDbMap certDB, +@@ -110,6 +111,7 @@ func newChecker(saDbMap certDB, period time.Duration, avd map[time.Duration]bool, logger blog.Logger, @@ -18,7 +18,7 @@ index 340c5629..0dc0389a 100644 ) certChecker { return certChecker{ pa: pa, -@@ -121,6 +123,7 @@ func newChecker(saDbMap certDB, +@@ -122,6 +124,7 @@ func newChecker(saDbMap certDB, checkPeriod: period, acceptableValidityDurations: avd, logger: logger, @@ -26,7 +26,7 @@ index 340c5629..0dc0389a 100644 } } -@@ -347,7 +350,7 @@ func (c *certChecker) checkCert(cert core.Certificate, ignoredLints map[string]b +@@ -348,7 +351,7 @@ func (c *certChecker) checkCert(cert core.Certificate, ignoredLints map[string]b err = c.pa.WillingToIssueWildcards([]identifier.ACMEIdentifier{id}) if err != nil { problems = append(problems, fmt.Sprintf("Policy Authority isn't willing to issue for '%s': %s", name, err)) @@ -35,21 +35,19 @@ index 340c5629..0dc0389a 100644 // For defense-in-depth, even if the PA was willing to issue for a name // we double check it against a list of forbidden domains. This way even // if the hostnamePolicyFile malfunctions we will flag the forbidden -@@ -409,11 +412,12 @@ type Config struct { +@@ -410,10 +413,11 @@ type Config struct { DB cmd.DBConfig cmd.HostnamePolicyConfig -- Workers int -- ReportDirectoryPath string -- UnexpiredOnly bool -- BadResultsOnly bool -- CheckPeriod cmd.ConfigDuration +- Workers int +- UnexpiredOnly bool +- BadResultsOnly bool +- CheckPeriod config.Duration + Workers int -+ ReportDirectoryPath string + UnexpiredOnly bool + BadResultsOnly bool + SkipForbiddenDomains bool -+ CheckPeriod cmd.ConfigDuration ++ CheckPeriod config.Duration // AcceptableValidityDurations is a list of durations which are // acceptable for certificates we issue. diff --git a/patches/config_expiration-mailer.patch b/patches/config_expiration-mailer.patch index 533fc6f..20d9a4d 100644 --- a/patches/config_expiration-mailer.patch +++ b/patches/config_expiration-mailer.patch @@ -2,8 +2,8 @@ diff --git a/test/config/expiration-mailer.json b/test/config/expiration-mailer. index 4519fe4d..f52a408c 100644 --- a/test/config/expiration-mailer.json +++ b/test/config/expiration-mailer.json -@@ -14,6 +14,11 @@ - "nagCheckInterval": "24h", +@@ -13,6 +13,11 @@ + "nagTimes": ["480h", "240h"], "emailTemplate": "test/config/expiration-mailer.gotmpl", "debugAddr": ":8008", + "dnsTries": 3, @@ -14,7 +14,7 @@ index 4519fe4d..f52a408c 100644 "tls": { "caCertFile": "test/grpc-creds/minica.pem", "certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem", -@@ -36,5 +41,9 @@ +@@ -35,5 +40,9 @@ "mute": true, "serviceName": "Test", "writeKey": {"passwordFile": "test/secrets/honeycomb_fake_password"} diff --git a/patches/config_ocsp-responder.patch b/patches/config_ocsp-responder.patch index 26e8096..e640cd1 100644 --- a/patches/config_ocsp-responder.patch +++ b/patches/config_ocsp-responder.patch @@ -1,8 +1,31 @@ diff --git a/test/config/ocsp-responder.json b/test/config/ocsp-responder.json -index ed874d3..a1a78f3 100644 +index bfea858d..fecea919 100644 --- a/test/config/ocsp-responder.json +++ b/test/config/ocsp-responder.json -@@ -45,9 +45,7 @@ +@@ -4,22 +4,6 @@ + "dbConnectFile": "test/secrets/ocsp_responder_dburl", + "maxOpenConns": 10 + }, +- "redis": { +- "username": "ocsp-responder", +- "passwordFile": "test/secrets/ocsp_responder_redis_password", +- "shardAddrs": { +- "shard1": "10.33.33.2:4218", +- "shard2": "10.33.33.3:4218" +- }, +- "timeout": "5s", +- "poolSize": 100, +- "routeRandomly": true, +- "tls": { +- "caCertFile": "test/redis-tls/minica.pem", +- "certFile": "test/redis-tls/boulder/cert.pem", +- "keyFile": "test/redis-tls/boulder/key.pem" +- } +- }, + "tls": { + "caCertFile": "test/grpc-creds/minica.pem", + "certFile": "test/grpc-creds/ocsp-responder.boulder/cert.pem", +@@ -39,9 +23,7 @@ "path": "/", "listenAddress": "0.0.0.0:4002", "issuerCerts": [ diff --git a/patches/config_ra.patch b/patches/config_ra.patch index ddad199..5fdc34a 100644 --- a/patches/config_ra.patch +++ b/patches/config_ra.patch @@ -2,7 +2,7 @@ diff --git a/test/config/ra.json b/test/config/ra.json index 6f0baae9..6ad0f08c 100644 --- a/test/config/ra.json +++ b/test/config/ra.json -@@ -15,9 +15,7 @@ +@@ -14,9 +14,7 @@ }, "orderLifetime": "168h", "issuerCerts": [ diff --git a/patches/docker-compose-redis.patch b/patches/docker-compose-redis.patch index d43f2c7..47c78c7 100644 --- a/patches/docker-compose-redis.patch +++ b/patches/docker-compose-redis.patch @@ -1,8 +1,8 @@ diff --git a/docker-compose.yml b/docker-compose.yml -index 4ce7c1d6..ed8da276 100644 +index 6ecb1a9c..acc970d6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml -@@ -22,8 +22,6 @@ services: +@@ -17,8 +17,6 @@ services: ipv4_address: 10.77.77.77 rednet: ipv4_address: 10.88.88.88 @@ -10,8 +10,8 @@ index 4ce7c1d6..ed8da276 100644 - ipv4_address: 10.33.33.33 consulnet: ipv4_address: 10.55.55.55 - extra_hosts: -@@ -41,8 +39,6 @@ services: + # Use consul as a backup to Docker's embedded DNS server. If there's a name +@@ -36,8 +34,6 @@ services: - 4003:4003 # OCSP depends_on: - bmysql @@ -20,7 +20,7 @@ index 4ce7c1d6..ed8da276 100644 - bconsul entrypoint: test/entrypoint.sh working_dir: &boulder_working_dir /boulder -@@ -64,24 +60,6 @@ services: +@@ -59,24 +55,6 @@ services: logging: driver: none @@ -45,7 +45,7 @@ index 4ce7c1d6..ed8da276 100644 bconsul: image: hashicorp/consul:1.13.1 volumes: -@@ -118,13 +96,6 @@ networks: +@@ -113,13 +91,6 @@ networks: config: - subnet: 10.88.88.0/24 diff --git a/patches/docker-compose.patch b/patches/docker-compose.patch index 0d140ae..b4f18b2 100644 --- a/patches/docker-compose.patch +++ b/patches/docker-compose.patch @@ -1,18 +1,14 @@ diff --git a/docker-compose.yml b/docker-compose.yml -index ed8da276..9171ee2b 100644 +index fd157266..d272bf2d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml -@@ -6,7 +6,7 @@ services: - image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.19.5_2023-02-02} +@@ -5,10 +5,12 @@ services: + image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.20.1_2023-02-22} environment: FAKE_DNS: 10.77.77.77 - BOULDER_CONFIG_DIR: &boulder_config_dir test/config + BOULDER_CONFIG_DIR: &boulder_config_dir labca/config GOFLAGS: -mod=vendor - # Go 1.18 turned off SHA-1 validation on CSRs (and certs, but that doesn't - # affect us) by default, but it can be turned back on with the x509sha1 -@@ -14,6 +14,8 @@ services: - GODEBUG: x509sha1=1 volumes: - .:/boulder:cached + - /home/labca/boulder_labca:/boulder/labca @@ -20,9 +16,9 @@ index ed8da276..9171ee2b 100644 - ./.gocache:/root/.cache/go-build:cached - ./.hierarchy:/hierarchy/:cached - ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached -@@ -33,18 +35,26 @@ services: - # IP (running consul). - # (https://docs.docker.com/config/containers/container-networking/#dns-services). +@@ -28,18 +30,26 @@ services: + # TODO: Remove this when ServerAddress is deprecated in favor of SRV records + # and DNSAuthority. dns: 10.55.55.10 - ports: - - 4001:4001 # ACMEv2 @@ -52,7 +48,7 @@ index ed8da276..9171ee2b 100644 networks: bluenet: aliases: -@@ -58,7 +68,11 @@ services: +@@ -53,7 +63,11 @@ services: # small. command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON logging: @@ -65,7 +61,7 @@ index ed8da276..9171ee2b 100644 bconsul: image: hashicorp/consul:1.13.1 -@@ -69,18 +83,68 @@ services: +@@ -64,18 +78,68 @@ services: ipv4_address: 10.55.55.10 command: "consul agent -dev -config-format=hcl -config-file=/test/consul/config.hcl" diff --git a/patches/errors_errors.patch b/patches/errors_errors.patch index 48b9c58..8518bef 100644 --- a/patches/errors_errors.patch +++ b/patches/errors_errors.patch @@ -1,8 +1,8 @@ diff --git a/errors/errors.go b/errors/errors.go -index 50be1087a..ab2efe9d1 100644 +index 83adf7f1..cc136790 100644 --- a/errors/errors.go +++ b/errors/errors.go -@@ -113,10 +113,10 @@ func NotFoundError(msg string, args ...interface{}) error { +@@ -163,10 +163,10 @@ func NotFoundError(msg string, args ...interface{}) error { return New(NotFound, msg, args...) } diff --git a/patches/expiration-mailer_main.patch b/patches/expiration-mailer_main.patch index 58dcca7..83a202d 100644 --- a/patches/expiration-mailer_main.patch +++ b/patches/expiration-mailer_main.patch @@ -1,16 +1,16 @@ diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go -index b8dc4972..3fb36447 100644 +index d30f0e7d..ce296c61 100644 --- a/cmd/expiration-mailer/main.go +++ b/cmd/expiration-mailer/main.go -@@ -22,6 +22,7 @@ import ( - "github.com/jmhodges/clock" - "google.golang.org/grpc" +@@ -24,6 +24,7 @@ import ( + + "github.com/prometheus/client_golang/prometheus" + "github.com/letsencrypt/boulder/bdns" "github.com/letsencrypt/boulder/cmd" + "github.com/letsencrypt/boulder/config" "github.com/letsencrypt/boulder/core" - corepb "github.com/letsencrypt/boulder/core/proto" -@@ -37,7 +38,7 @@ import ( +@@ -39,7 +40,7 @@ import ( ) const ( @@ -19,7 +19,7 @@ index b8dc4972..3fb36447 100644 ) type regStore interface { -@@ -605,6 +606,9 @@ type Config struct { +@@ -683,6 +684,9 @@ type Config struct { TLS cmd.TLSConfig SAService *cmd.GRPCClientConfig @@ -29,7 +29,7 @@ index b8dc4972..3fb36447 100644 // Path to a file containing a list of trusted root certificates for use // during the SMTP connection (as opposed to the gRPC connections). SMTPTrustedRootFile string -@@ -614,6 +618,12 @@ type Config struct { +@@ -692,6 +696,12 @@ type Config struct { Syslog cmd.SyslogConfig Beeline cmd.BeelineConfig @@ -42,7 +42,7 @@ index b8dc4972..3fb36447 100644 } func initStats(stats prometheus.Registerer) mailerStats { -@@ -750,6 +760,32 @@ func main() { +@@ -832,6 +842,32 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac := sapb.NewStorageAuthorityClient(conn) @@ -75,7 +75,7 @@ index b8dc4972..3fb36447 100644 var smtpRoots *x509.CertPool if c.Mailer.SMTPTrustedRootFile != "" { pem, err := os.ReadFile(c.Mailer.SMTPTrustedRootFile) -@@ -785,6 +821,7 @@ func main() { +@@ -867,6 +903,7 @@ func main() { c.Mailer.Username, smtpPassword, smtpRoots, diff --git a/patches/ocsp-responder_main.patch b/patches/ocsp-responder_main.patch index 7b8e9bf..92a294b 100644 --- a/patches/ocsp-responder_main.patch +++ b/patches/ocsp-responder_main.patch @@ -1,8 +1,8 @@ diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go -index 983fb33a..e8a132cd 100644 +index 5c78b895..98abac22 100644 --- a/cmd/ocsp-responder/main.go +++ b/cmd/ocsp-responder/main.go -@@ -172,49 +172,51 @@ as generated by Boulder's ceremony command. +@@ -171,49 +171,51 @@ as generated by Boulder's ceremony command. source, err = responder.NewMemorySourceFromFile(filename, logger) cmd.FailOnError(err, fmt.Sprintf("Couldn't read file: %s", url.Path)) } else { @@ -28,7 +28,7 @@ index 983fb33a..e8a132cd 100644 - maxInflight := c.OCSPResponder.MaxInflightSignings - if maxInflight == 0 { - maxInflight = 1000 -+ if c.OCSPResponder.Redis.Addrs != nil { ++ if c.OCSPResponder.Redis.ShardAddrs != nil { + // Set up the redis source and the combined multiplex source. + rocspRWClient, err := rocsp_config.MakeClient(&c.OCSPResponder.Redis, clk, scope) + cmd.FailOnError(err, "Could not make redis client") diff --git a/patches/ra_ra.patch b/patches/ra_ra.patch index adeb92d..e30dbe8 100644 --- a/patches/ra_ra.patch +++ b/patches/ra_ra.patch @@ -1,8 +1,8 @@ diff --git a/ra/ra.go b/ra/ra.go -index b55bcd92..e15670a9 100644 +index fea4ac1f..37dfb2ca 100644 --- a/ra/ra.go +++ b/ra/ra.go -@@ -39,7 +39,6 @@ import ( +@@ -41,7 +41,6 @@ import ( "github.com/letsencrypt/boulder/issuance" blog "github.com/letsencrypt/boulder/log" "github.com/letsencrypt/boulder/metrics" @@ -10,7 +10,7 @@ index b55bcd92..e15670a9 100644 "github.com/letsencrypt/boulder/probs" pubpb "github.com/letsencrypt/boulder/publisher/proto" rapb "github.com/letsencrypt/boulder/ra/proto" -@@ -526,7 +525,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error { +@@ -535,7 +534,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error { contact, ) } diff --git a/patches/ratelimit_rate-limits.patch b/patches/ratelimit_rate-limits.patch index 7ea086d..a8e2735 100644 --- a/patches/ratelimit_rate-limits.patch +++ b/patches/ratelimit_rate-limits.patch @@ -1,8 +1,8 @@ diff --git a/ratelimit/rate-limits.go b/ratelimit/rate-limits.go -index c199b1141..474d8f740 100644 +index 35c981bc..5fc6f2ff 100644 --- a/ratelimit/rate-limits.go +++ b/ratelimit/rate-limits.go -@@ -22,6 +22,7 @@ type Limits interface { +@@ -21,6 +21,7 @@ type Limits interface { PendingOrdersPerAccount() RateLimitPolicy NewOrdersPerAccount() RateLimitPolicy LoadPolicies(contents []byte) error @@ -10,7 +10,7 @@ index c199b1141..474d8f740 100644 } // limitsImpl is an unexported implementation of the Limits interface. It acts -@@ -114,6 +115,15 @@ func (r *limitsImpl) NewOrdersPerAccount() RateLimitPolicy { +@@ -113,6 +114,15 @@ func (r *limitsImpl) NewOrdersPerAccount() RateLimitPolicy { return r.rlPolicy.NewOrdersPerAccount } @@ -26,7 +26,7 @@ index c199b1141..474d8f740 100644 // LoadPolicies loads various rate limiting policies from a byte array of // YAML configuration (typically read from disk by a reloader) func (r *limitsImpl) LoadPolicies(contents []byte) error { -@@ -171,6 +181,8 @@ type rateLimitConfig struct { +@@ -170,6 +180,8 @@ type rateLimitConfig struct { // lower threshold and smaller window), so that clients don't have to wait // a long time after a small burst of accidental duplicate issuance. CertificatesPerFQDNSetFast RateLimitPolicy `yaml:"certificatesPerFQDNSetFast"` diff --git a/patches/test_config_ca_a.patch b/patches/test_config_ca_a.patch index da9404c..5bf9f8e 100644 --- a/patches/test_config_ca_a.patch +++ b/patches/test_config_ca_a.patch @@ -2,7 +2,7 @@ diff --git a/test/config/ca-a.json b/test/config/ca-a.json index 1233a9c95..3c4a0a3ca 100644 --- a/test/config/ca-a.json +++ b/test/config/ca-a.json -@@ -94,30 +94,7 @@ +@@ -106,30 +106,7 @@ "crlURL": "http://example.com/crl", "location": { "configFile": "test/test-ca.key-pkcs11.json", diff --git a/patches/test_config_ca_b.patch b/patches/test_config_ca_b.patch index c7cd9d5..8c37a7e 100644 --- a/patches/test_config_ca_b.patch +++ b/patches/test_config_ca_b.patch @@ -2,7 +2,7 @@ diff --git a/test/config/ca-b.json b/test/config/ca-b.json index 960d62f95..54b25dd81 100644 --- a/test/config/ca-b.json +++ b/test/config/ca-b.json -@@ -94,30 +94,7 @@ +@@ -106,30 +106,7 @@ "crlURL": "http://example.com/crl", "location": { "configFile": "test/test-ca.key-pkcs11.json",