CRL issue fix
* A certificate being revoked could cause an infinite loop of revocation
* This adds a check for already revoked
lspgn committed Apr 17, 2019
1 parent afe4b60 commit adece78
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions validator/pki/pki.go
@@ -300,6 +300,7 @@ func (v *Validator) AddResource(pkifile *PKIFile, data []byte) (bool, []*PKIFile
}

func (v *Validator) InvalidateObject(keyid []byte) {
invalidated := make(map[string]bool)
invalidateList := make([][]byte, 1)
invalidateList[0] = keyid

@@ -308,10 +309,16 @@ func (v *Validator) InvalidateObject(keyid []byte) {
invalidateList = invalidateList[1:]

ski := string(currentKeyId)

if _, ok := invalidated[ski]; ok {
continue
}

res, hasCert := v.Objects[ski]
delete(v.ValidObjects, ski)
delete(v.ValidROA, ski)
delete(v.ValidCRL, ski)
invalidated[ski] = true

if hasCert {
for _, child := range res.Childs {
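Review bot: The visited check in the second hunk (`if _, ok := invalidated[ski]; ok { continue }`) runs only after a key has been dequeued, so a key reachable through several parents is presumably still appended to `invalidateList` once per parent and only skipped later. The loop now terminates, but the queue is bounded by the number of parent-child links rather than by the number of distinct objects; testing `invalidated` before enqueueing a child would keep it tight. The `for _, child := range res.Childs` body continues outside the hunk, so that part is inferred. The map also deserves a why-comment where it is declared, e.g. `// invalidated records SKIs already processed; the object graph can contain cycles, and without this set the loop below never terminates`. A regression test with two objects that list each other as children would pin the fix, since the graph presumably comes from repository data the validator does not control.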