remove incorrect check on revoked certificate dates, add mutex lock for generating CRLs,

2 years ago · 40baf73dff
parent 4e19aa4c52
commit 40baf73dff
3 changed files with 5 additions and 1 deletions
--- a/authority/authority.go
+++ b/authority/authority.go
@ -71,6 +71,7 @@ type Authority struct {

 	// CRL vars
 	crlTicker *time.Ticker
+	crlMutex  sync.Mutex

 	// Do not re-initialize
 	initOnce  bool
--- a/authority/tls.go
+++ b/authority/tls.go
@ -637,6 +637,9 @@ func (a *Authority) GenerateCertificateRevocationList() error {
 		return errors.Errorf("CA does not support CRL Generation")
 	}

+	a.crlMutex.Lock() // use a mutex to ensure only one CRL is generated at a time to avoid concurrency issues
+	defer a.crlMutex.Unlock()
+
 	crlInfo, err := crlDB.GetCRL()
 	if err != nil {
 		return errors.Wrap(err, "could not retrieve CRL from database")
--- a/db/db.go
+++ b/db/db.go
@ -255,7 +255,7 @@ func (db *DB) GetRevokedCertificates() (*[]RevokedCertificateInfo, error) {
 			return nil, err
 		}

-		if !data.RevokedAt.IsZero() && data.RevokedAt.After(now) {
+		if !data.RevokedAt.IsZero() {
 			revokedCerts = append(revokedCerts, data)
 		} else if data.RevokedAt.IsZero() {
 			cert, err := db.GetCertificate(data.Serial)