boulder icon indicating copy to clipboard operation
boulder copied to clipboard
verified publisher icon letsencrypt

Reland "Use GetRevocationStatus instead of GetCertificateStatus"

Open aarongable opened this issue 6 months ago • 0 comments

This is a reland of https://github.com/letsencrypt/boulder/pull/8402 This is a revert of https://github.com/letsencrypt/boulder/pull/8426

In the SA, change the implementation of GetRevocationStatus to read from the revokedCertificates table instead of reading from the certificateStatus table.

In the WFE, switch to calling GetRevocationStatus when computing ARI windows. Similarly, in the RA, make the same switch when checking if a to-be-revoked certificate is already revoked.

Across all three locations, use new core constants to represent "good" and "revoked", to avoid references to OCSP and unwieldy string/int conversions.

This paves the way for removing sa.GetCertificateStatus, which now has only one remaining caller which is not quite so easily changed.

Part of https://github.com/letsencrypt/boulder/issues/8322 IN-11835 tracks the corresponding production config changes

[!WARNING] ~~Do not merge before https://github.com/letsencrypt/boulder/pull/8427~~ Do not merge before IN-11835 is complete

aarongable avatar Oct 02 '25 22:10 aarongable