scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-31 02:28:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Load existing CRLs on startup and after invalidate (#17138)

Browse Source 
* Load existing CRLs on startup and after invalidate

* changelog
This commit is contained in:
Scott Miller
2022-09-14 14:30:44 -06:00
committed by GitHub
parent 20eddffb60
commit f4fa806489
3 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
builtin/credential/cert/backend.go
View File

@@ -14,6 +14,9 @@ func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend,
if err := b.Setup(ctx, conf); err != nil { if err := b.Setup(ctx, conf); err != nil {
return nil, err return nil, err
} }
if err := b.populateCRLs(ctx, conf.StorageView); err != nil {
return nil, err
}
return b, nil return b, nil
} }

6
builtin/credential/cert/path_login.go
View File

@@ -82,6 +82,12 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
return nil, err return nil, err
} }
if b.crls == nil {
if err := b.populateCRLs(ctx, req.Storage); err != nil {
return nil, err
}
}
var matched *ParsedCert var matched *ParsedCert
if verifyResp, resp, err := b.verifyCredentials(ctx, req, data); err != nil { if verifyResp, resp, err := b.verifyCredentials(ctx, req, data); err != nil {
return nil, err return nil, err

3
changelog/17138.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
auth/cert: Vault does not initially load the CRLs in cert auth unless the read/write CRL endpoint is hit.
```