open-vault/builtin/logical/pki
Steven Clark 34ff0154e8
Add ocsp_expiry configuration field to PKI crl config (#16888)
* Add ocsp_expiry configuration field to PKI crl config

 - Add a new configurable duration field to the crl configuration to
   allow operator control of how long an OCSP response can be cached
   for.
 - This is useful for how long a server like NGINX/Apache is
   allowed to cache the response for OCSP stapling.
 - A value of 0 means no one should cache the response.
 - Address an issue discovered that we did not upgrade existing crl
   configurations properly

* PR feedback
2022-08-25 16:01:39 -04:00
cmd/pki Update to api 1.0.1 and sdk 0.1.8 2019-04-15 14:10:07 -04:00
backend.go Finish refactor to remove global crlLifetime (#16835) 2022-08-23 15:19:11 -04:00
backend_test.go Don't allow crl-signing issuer usage without CRLSign KeyUsage (#16865) 2022-08-24 07:45:54 -07:00
ca_test.go Make PKI tests run in parallel (#16514) 2022-08-01 16:43:38 -04:00
ca_util.go Add PSS support to PKI Secrets Engine (#16519) 2022-08-03 12:42:24 -04:00
cert_util.go Add an OCSP responder to Vault's PKI plugin (#16723) 2022-08-22 14:06:15 -04:00
cert_util_test.go Make PKI tests run in parallel (#16514) 2022-08-01 16:43:38 -04:00
chain_test.go Cleanup changes around issuer revocation (#16874) 2022-08-25 11:36:37 -04:00
chain_util.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
config_util.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
crl_test.go Add ocsp_expiry configuration field to PKI crl config (#16888) 2022-08-25 16:01:39 -04:00
crl_util.go Cleanup changes around issuer revocation (#16874) 2022-08-25 11:36:37 -04:00
fields.go Add PSS support to PKI Secrets Engine (#16519) 2022-08-03 12:42:24 -04:00
integation_test.go Make PKI tests run in parallel (#16514) 2022-08-01 16:43:38 -04:00
key_util.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
managed_key_util.go secret/pki: Return correct algorithm type from key fetch API for managed keys (#15468) 2022-05-17 11:36:14 -04:00
ocsp.go Add ocsp_expiry configuration field to PKI crl config (#16888) 2022-08-25 16:01:39 -04:00
ocsp_test.go Add ocsp_expiry configuration field to PKI crl config (#16888) 2022-08-25 16:01:39 -04:00
path_config_ca.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
path_config_crl.go Add ocsp_expiry configuration field to PKI crl config (#16888) 2022-08-25 16:01:39 -04:00
path_config_urls.go Add per-issuer AIA URI information to PKI secrets engine (#16563) 2022-08-19 11:43:44 -04:00
path_fetch.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
path_fetch_issuers.go Don't allow crl-signing issuer usage without CRLSign KeyUsage (#16865) 2022-08-24 07:45:54 -07:00
path_fetch_keys.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
path_intermediate.go Add per-issuer AIA URI information to PKI secrets engine (#16563) 2022-08-19 11:43:44 -04:00
path_issue_sign.go Add PSS support to PKI Secrets Engine (#16519) 2022-08-03 12:42:24 -04:00
path_manage_issuers.go Add per-issuer AIA URI information to PKI secrets engine (#16563) 2022-08-19 11:43:44 -04:00
path_manage_keys.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
path_manage_keys_test.go Make PKI tests run in parallel (#16514) 2022-08-01 16:43:38 -04:00
path_revoke.go Add proof possession revocation for PKI secrets engine (#16566) 2022-08-16 14:01:26 -04:00
path_roles.go Add warning when generate_lease=true (#16398) 2022-08-08 13:26:10 -04:00
path_roles_test.go Make PKI tests run in parallel (#16514) 2022-08-01 16:43:38 -04:00
path_root.go Add per-issuer AIA URI information to PKI secrets engine (#16563) 2022-08-19 11:43:44 -04:00
path_sign_issuers.go Add PSS support to PKI Secrets Engine (#16519) 2022-08-03 12:42:24 -04:00
path_tidy.go Enable periodic, automatic rebuilding of CRLs (#16762) 2022-08-23 13:27:15 -04:00
secret_certs.go Allow Multiple Issuers in PKI Secret Engine Mounts - PKI Pod (#15277) 2022-05-11 12:42:28 -04:00
storage.go Add ocsp_expiry configuration field to PKI crl config (#16888) 2022-08-25 16:01:39 -04:00
storage_migrations.go Add an OCSP responder to Vault's PKI plugin (#16723) 2022-08-22 14:06:15 -04:00
storage_migrations_test.go Migrate existing PKI mounts that only contains a key (#16813) 2022-08-22 10:11:21 -07:00
storage_test.go Add an OCSP responder to Vault's PKI plugin (#16723) 2022-08-22 14:06:15 -04:00
test_helpers.go Add an OCSP responder to Vault's PKI plugin (#16723) 2022-08-22 14:06:15 -04:00
util.go Add an OCSP responder to Vault's PKI plugin (#16723) 2022-08-22 14:06:15 -04:00