| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
In retrospect a primary key that has no relation to the certificate is preferred to using the certificate KeyID. The KeyID is also very large for a primary index.
This is a moderately tricky migration, especially for SQLite which has no means of altering the table in this fashion - it involves creating the new table and copying the data.
Order of commands also matters - index names are global in SQLite, so the `idx_expires_at` index needs to be created at the correct stages.
For MySQL migration the necessary steps are run as a single alter statement to minimise the risk of leaving the migration in an incomplete state if anything aborts.
When tested on a table with 250,000 rows (MySQL 5.7) the migration took 3 seconds to complete. As certificates will be requested infrequently the risk of prolonged locking is minimal.
|
|
|
|
Return an error if the store isn't known, instead of defaulting to a mem store
|
|
|
|
|
|
|
|
|
|
Resolves #40
|
|
|
|
|
|
The 'datastore' string option is deprecated and will be removed in a
future version. The new 'database' map option is preferred.
|
|
Vault is supported for the following:
As a well-known filesystem for TLS cert, TLS key and SSH signing key.
For configuration secrets for cookie_secret, csrf_secret, oauth_client_id and oauth_client_secret options.
|
|
|
|
Add a template for revocation
Use DATETIME type to store created/expires times
Require auth for the /admin and /revoke endpoints
|
|
|
