luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Load existing CRLs on startup and after invalidate (#17138) 

* Load existing CRLs on startup and after invalidate

* changelog
This commit is contained in:
Scott Miller 2022-09-14 14:30:44 -06:00 committed by GitHub
parent 2231f588a5
commit 2152a933ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
builtin/credential/cert/backend.go
View File

@ -14,6 +14,9 @@ func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend,
if err := b.Setup(ctx, conf); err != nil { if err := b.Setup(ctx, conf); err != nil {
return nil, err return nil, err
} }
if err := b.populateCRLs(ctx, conf.StorageView); err != nil {
return nil, err
}
return b, nil return b, nil
} }

6
builtin/credential/cert/path_login.go
View File

@ -82,6 +82,12 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
return nil, err return nil, err
} }
if b.crls == nil {
if err := b.populateCRLs(ctx, req.Storage); err != nil {
return nil, err
}
}
var matched *ParsedCert var matched *ParsedCert
if verifyResp, resp, err := b.verifyCredentials(ctx, req, data); err != nil { if verifyResp, resp, err := b.verifyCredentials(ctx, req, data); err != nil {
return nil, err return nil, err

3
changelog/17138.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
auth/cert: Vault does not initially load the CRLs in cert auth unless the read/write CRL endpoint is hit.
```