Aaron Gable
Aaron Gable
Regarding "lacking the means to detect logging failures": maybe this is the moment to return to the idea of making our audit log events not actual "logs", and instead writing...
A step towards this direction is contained in #5160: creating a new `ChainID` type which is a truncated (int64) hash over just the Subject or Issuer Info raw bytes.
Repurposing this bug to be: let's use `issuance.IssuerNameID` in the `certStatus` table and the `capb.GenerateOCSPRequest` proto message.
Returning to this. Two main approaches that I see: 1) Add a new issuerNameID column to the certificateStatus table, update the CA to write to both issuerID and issuerNameID, update...
Noting here that the last pieces of this are: 1) Triple check that every component is happy receiving either an IssuerID or an IssuerNameID, and handles both with equal aplomb...
Since I'm looking at some of this code right now, an update for posterity: the CA has been storing the IssuerNameID instead of the IssuerID in the certificateStatus table for...
(Update: wastedassign still does not support generics. You can track golangci-lint's progress on fixing various sub-linters here: https://github.com/golangci/golangci-lint/issues/2649)
Without any additional details in this report, it seems unlikely that we'll be able to reproduce or root-cause it. Regardless, I do not believe this is an issue any more...
Preemptively closing as work that will not be completed because we are instead removing ocsp-updater entirely: https://github.com/letsencrypt/boulder/issues/6285
(It should be noted that we believe these changes will essentially be no-ops: the actual caching behavior of our CDN is not controlled by the `Cache-Control` header; the header is...