7f38b0440e
* Fetch CRLs from a user defined CDP (PoC)
* Handle no param sent
* Move CRL fetch to a periodFunc. Use configured CA certs + system root as trusted certs for CRL fetch
* comments
* changelog
* Just use root trust
* cdp->url in api
* Store CRL and populate it initially in cdlWrite
* Update docs
* Update builtin/credential/cert/path_crls.go
  Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Handle pre-verification of a CRL url better
* just in case
* Fix crl write locking
* Add a CRL fetch unit test
* Remove unnecessary validity clear
* Better func name
* Don't exit early updating CRLs
* lock in updateCRLs
* gofumpt
* err-

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
5 lines
235 B
Plaintext
```release-note:improvement
auth/cert: Operators can now specify a CRL distribution point URL, in which
case the cert auth engine will fetch and use the CRL from that location
rather than needing to push CRLs directly to auth/cert.
```