Rename pki.Validate to pki.CheckCRL for clarity on its purpose #3586
Go style would be |
https://go.dev/wiki/CodeReviewComments disagrees
the linter doesn't know it's an acronym though |
Just curious, as I dug through this method to debug #3583: is CheckCRL really the only intended feature of this method? It does also check if the certificate is on a denylist (arguably some kind of CRL): Line 176 in 51cb949
And if the certificate is known in the truststore: Line 191 in 51cb949
To me it looks like it does more than just a certificate revocation check. |
Oh... I'm almost sure someone pointed that out to me, but I can't remember now 🤦 |
The denylist is a CRL under control of the user instead of the issuer. It should not be used but exists in case we need it in the future.
We need this certificate to validate the signature on the CRL. So it is more a lookup of a trusted key than confirming the issuer is in the truststore. The trustchain is verified outside of this module and that is one of the reasons I wanted to change the name. |
No description provided.
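The point made in the last comment, as an added Go example (not the project's code): the truststore lookup exists only to obtain the key that verifies the CRL signature, and chain validation is assumed to happen elsewhere. `checkCRL`, `demoCA`, `ErrRevoked` and `ErrUntrustedCRL` are hypothetical names, the CA and CRL are constructed in-process with the standard `crypto/x509` package (Go 1.21+), and the denylist is not modelled.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

var ErrRevoked, ErrUntrustedCRL = errors.New("certificate revoked"), errors.New("no trusted key verifies the CRL")

// checkCRL (hypothetical, not the project's code) uses the truststore only to find the key that verifies the CRL.
func checkCRL(cert *x509.Certificate, crl *x509.RevocationList, truststore []*x509.Certificate) error {
	if !bytes.Equal(cert.RawIssuer, crl.RawIssuer) {
		return errors.New("CRL was not issued by the certificate's issuer")
	}
	for _, ca := range truststore {
		// A matching name is not enough: the trusted key must verify the CRL signature.
		if !bytes.Equal(ca.RawSubject, crl.RawIssuer) || crl.CheckSignatureFrom(ca) != nil {
			continue
		}
		for _, e := range crl.RevokedCertificateEntries {
			if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
				return ErrRevoked
			}
		}
		return nil
	}
	return ErrUntrustedCRL // fail closed: an unverifiable CRL proves nothing
}

// demoCA returns a constructed self-signed CA and a CRL it signed that revokes one serial number.
func demoCA(cn string, revoked int64) (*x509.Certificate, *x509.RevocationList) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCRLSign}
	der, e1 := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	ca, e2 := x509.ParseCertificate(der)
	list := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: big.NewInt(revoked), RevocationTime: time.Now()}}}
	crlDER, e3 := x509.CreateRevocationList(rand.Reader, list, ca, key)
	crl, e4 := x509.ParseRevocationList(crlDER)
	if err := errors.Join(e1, e2, e3, e4); err != nil {
		panic(err)
	}
	return ca, crl
}
```

A CRL signed by a different key under the same issuer name is rejected with `ErrUntrustedCRL` rather than being treated as "not revoked".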