@aarongable aarongable commented Aug 15, 2025

Define the acceptable revocation reason codes directly in our revocation package. Make the int-to-string and string-to-int conversion capabilities into immutable functions, rather than ad-hoc dictionary lookups. Do the same for the user- or admin-allowed reasons. These changes make the revocation package wholly standalone, with no dependencies (except fmt).

Update all of our logic and tests to use revocation.Reasons instead of constants from the /x/crypto/ocsp package. This removes all reliance on the /x/crypto/ocsp package for revocation reasons, which felt awkward in a CRLs-only world.

Finally, take advantage of the improvements above to give the ceremony CRL tool the ability to take revocation reasons as strings, rather than integers. This behavior matches the capabilities already present in the admin revoke-cert tool.

Fixes #8328


Warning

Do not merge before #8351
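
A sketch of the pattern the description outlines, added here as an example and not taken from the project's code: reason codes and names follow RFC 5280, conversions go through functions instead of an exported map, and unknown input is rejected. The identifiers `Reason`, `names`, `ParseReason` and `AdminAllowed`, and the contents of the allow-list, are assumptions made for this example.

```go
package main

import "fmt"

// Reason is a CRLReason code (RFC 5280, section 5.3.1).
type Reason int

const (
	Unspecified, KeyCompromise, Superseded   Reason = 0, 1, 4
	CessationOfOperation, PrivilegeWithdrawn Reason = 5, 9
)

// names returns a fresh copy per call, so callers cannot mutate shared state
// as they could with an exported map. Code 7 is unassigned and stays empty.
func names() [11]string {
	return [11]string{"unspecified", "keyCompromise", "cACompromise", "affiliationChanged",
		"superseded", "cessationOfOperation", "certificateHold", "",
		"removeFromCRL", "privilegeWithdrawn", "aACompromise"}
}

// String never returns a valid name for an out-of-range or unassigned code.
func (r Reason) String() string {
	if n := names(); r >= 0 && int(r) < len(n) && n[r] != "" {
		return n[r]
	}
	return fmt.Sprintf("unknown(%d)", int(r))
}

// ParseReason maps a reason name to its code and rejects everything else.
func ParseReason(s string) (Reason, error) {
	for i, n := range names() {
		if n != "" && n == s {
			return Reason(i), nil
		}
	}
	return 0, fmt.Errorf("unrecognized revocation reason %q", s)
}

// AdminAllowed uses an allow-list assumed for this example.
func AdminAllowed(r Reason) bool {
	switch r {
	case Unspecified, KeyCompromise, Superseded, CessationOfOperation, PrivilegeWithdrawn:
		return true
	}
	return false
}

func main() {
	fmt.Println(ParseReason("keyCompromise")) // keyCompromise <nil>
}
```

Because the table is returned by value, a caller that modifies its copy has no effect on later conversions, and the empty slot for code 7 means neither direction of the conversion can produce or accept it.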

@aarongable aarongable marked this pull request as ready for review September 10, 2025 23:24
@aarongable aarongable requested a review from a team as a code owner September 10, 2025 23:24
@aarongable aarongable requested review from jprenken and removed request for a team September 10, 2025 23:24
jprenken previously approved these changes Sep 11, 2025
@jprenken jprenken requested review from a team and jsha and removed request for a team September 11, 2025 01:20
Base automatically changed from rm-akamai-purger to main September 11, 2025 15:23
@aarongable aarongable dismissed jprenken’s stale review September 11, 2025 15:23

The base branch was changed.

@aarongable aarongable requested a review from jprenken September 11, 2025 15:23
@aarongable aarongable merged commit 3b0e57e into main Sep 11, 2025
12 checks passed
@aarongable aarongable deleted the admin-reason-string branch September 11, 2025 22:59
Successfully merging this pull request may close these issues.

Use revocation.ReasonToString in ceremony for generating CRLs