boulder icon indicating copy to clipboard operation
boulder copied to clipboard
verified publisher icon letsencrypt

Clean up issuance-time OCSP code

Open aarongable opened this issue 10 months ago • 0 comments

We've configured all of our production profiles to exclude the AIA OCSP URI from our certificates. We can now remove the code which supported:

  • including AIA OCSP URIs in certs
  • including the MustStaple extension in certs
  • configuring profiles to include or not include them
  • conditioning MustStaple inclusion on an allow-list

We should continue rejecting any finalize requests which include the MustStaple extension in their CSR.

The two sub-issues track the removal of the critical code and the deprecation of the corresponding config items; this issue will track the final removal of those config items after they have been removed from all deployed configs.

aarongable avatar May 12 '25 22:05 aarongable