vault/25912.txt at 496bc67d3102273515bbcb71bf19c3b245df795f - vault - Gitea: Git with a cup of tea

scottk/vault

mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 09:42:25 +00:00

Files

Steven Clark 5785191067 Support OCSP responses without NextUpdate field set (#25912 )

* Support OCSP responses without a NextUpdate value set

 - Validate that the ThisUpdate value is
   properly prior to our current time and
   if NextUpdate is set that, ThisUpdate is
   before NextUpdate.
 - If we don't have a value for NextUpdate just compare against ThisUpdate.

* Add ocsp_this_update_max_ttl support to cert auth

 - Allow configuring a maximum TTL of the OCSP response based on the
   ThisUpdate time like OpenSSL does
 - Add test to validate that we don't cache OCSP responses with no NextUpdate

* Add cl

* Add missing ` in docs

* Rename ocsp_this_update_max_ttl to ocsp_this_update_max_age

* Missed a few TTL references

* Fix error message

2024-03-18 18:12:37 -04:00

4 lines

104 B

Plaintext

Raw Blame History

	```release-note:improvement
	`auth/cert: Allow validation with OCSP responses with no NextUpdate time`
	```