* Support OCSP responses without a NextUpdate value set
- Validate that the ThisUpdate value is
properly prior to our current time and
if NextUpdate is set that, ThisUpdate is
before NextUpdate.
- If we don't have a value for NextUpdate just compare against ThisUpdate.
* Add ocsp_this_update_max_ttl support to cert auth
- Allow configuring a maximum TTL of the OCSP response based on the
ThisUpdate time like OpenSSL does
- Add test to validate that we don't cache OCSP responses with no NextUpdate
* Add cl
* Add missing ` in docs
* Rename ocsp_this_update_max_ttl to ocsp_this_update_max_age
* Missed a few TTL references
* Fix error message
* Cache trusted cert values, invalidating when anything changes
* rename to something more indicative
* defer
* changelog
* Use an LRU cache rather than a static map so we can't use too much memory. Add docs, unit tests
* Don't add to cache if disabled. But this races if just a bool, so make the disabled an atomic
* Update cert.mdx
Adding the missing parameter `url` for CRL create endpoint.
* Update website/content/api-docs/auth/cert.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update cert.mdx
Corrected the duplicate `crl` line.
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Add crl list capabilities to cert auth
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add docs on cert auth CRL listing
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add test for cert auth listing
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
