luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Ensure unified_crl requires auto_rebuild (#18819) 

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
This commit is contained in:
Alexander Scheel 2023-01-24 10:30:50 -05:00 committed by GitHub
parent 524536a6bc
commit 7850f0e05e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
builtin/logical/pki/path_config_crl.go
View File

@ -257,6 +257,10 @@ func (b *backend) pathCRLWrite(ctx context.Context, req *logical.Request, d *fra
return logical.ErrorResponse("unified_crl cannot be enabled on local mounts."), nil
}
if !config.AutoRebuild && config.UnifiedCRL {
return logical.ErrorResponse("unified_crl=true requires auto_rebuild=true, as unified CRLs cannot be rebuilt on every revocation."), nil
}
entry, err := logical.StorageEntryJSON("config/crl", config)
if err != nil {
return nil, err