Remove AIA OCSP URL from end-entity certificates #8059
Comments
This was referenced Mar 26, 2025
aarongable
added a commit
that referenced
this issue
Mar 26, 2025
Remove the backwards-compatible profile hashing code. It is no longer necessary, since all deployed profile configs now set IncludeCRLDistributionPoints to true and set the UnsplitIssuance flag to true. Catch up the CA and crl-updater configs to match config-next and what is actively deployed in prod. Part of #8039 Part of #8059
aarongable
added a commit
that referenced
this issue
Mar 28, 2025
Delete several python revocation integration tests whose functionality is already replicated by the go revocation integration tests. Add support for revoking via admin-revoker to TestRevocation, and use that to replace several more python tests. The go versions of these tests use CRLs, rather than OCSP, to confirm the revocation status of the certs in question. This is fine because the purpose of these tests is to ensure that we handle revocation requests correctly in general, not specifically via OCSP. Part of #8059
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Likely in the form of a new profile field
omitAIAOCSP, and some logic within the issuance package that errors out if the profile is going to omit both the OCSP URI and the CRLDP URI.The text was updated successfully, but these errors were encountered: