mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-22 23:21:08 +02:00
2fe676e75b
* Validate OCSP response is signed by expected issuer and serial number matches request
- There was a bug in the OCSP response signature logic, it properly
verified but kept around the ocspRes object around so we ignored
the errors found and passed the response object back up the stack.
- Now extract the verification logic into a dedicated function, if
it returns an error, blank the ocspRes response as we can't trust it.
- Address an issue that the OCSP requests from multiple servers were
clobbering each others responses as the index loop variable was not
properly captured.
- Add a missing validation that the response was for the serial number
we requested
* Add cl
Vault SDK libs
This package provides the sdk package which contains code useful for
developing Vault plugins.
Although we try not to break functionality, we reserve the right to reorganize
the code at will and may occasionally cause breaks if they are warranted. As
such we expect the tag of this module will stay less than v1.0.0.
For any major changes we will try to give advance notice in the CHANGES section of Vault's CHANGELOG.md.