Skip to content

Add AlreadyRevoked handling to revokedCertificates table inserts #8408

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 6 commits into
base: main
Choose a base branch
from
Draft

Add AlreadyRevoked handling to revokedCertificates table inserts #8408

wants to merge 6 commits into from

Conversation

@aarongable
Copy link
Contributor

@aarongable aarongable commented Sep 24, 2025
edited
Loading

Within sa.addRevokedCertificate, detect if the insert failed due to a duplicate primary key, and return berrors.AlreadyRevoked in that case. This matches the behavior of sa.RevokeCertificate when an update to the certificateStatus table modifies no rows.

This change has no immediate impact, because addRevokedCertificate is only called after RevokeCertificate's update to the certificateStatus table has succeeded: if the first operation returns AlreadyRevoked, this code is never reached. However, we plan to remove the certificateStatus table in the future, so this code will need to return AlreadyRevoked when appropriate.

Part of #8322

Warning

Do not merge before #8427
Do not merge before IN-11835 is complete

@aarongable aarongable marked this pull request as ready for review September 24, 2025 22:25
@aarongable aarongable requested a review from a team as a code owner September 24, 2025 22:25
@aarongable aarongable requested a review from jprenken September 24, 2025 22:25
jprenken
jprenken previously approved these changes Sep 24, 2025
View reviewed changes
@jprenken jprenken requested review from a team and jsha and removed request for a team September 24, 2025 23:02
jsha
jsha requested changes Sep 25, 2025
View reviewed changes
@aarongable aarongable mentioned this pull request Oct 2, 2025
Merged
@aarongable aarongable marked this pull request as draft October 2, 2025 23:37
@aarongable aarongable requested review from jprenken and jsha October 3, 2025 22:18
jprenken
jprenken previously approved these changes Oct 3, 2025
View reviewed changes
@aarongable aarongable marked this pull request as ready for review October 7, 2025 21:44
jsha
jsha requested changes Oct 20, 2025
View reviewed changes
Copy link
Contributor

@jsha jsha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the delay. I had a pending comment in here I thought I'd already sent.

@aarongable aarongable requested review from jprenken and jsha October 20, 2025 20:13
jprenken
jprenken previously approved these changes Oct 20, 2025
View reviewed changes
@jsha jsha mentioned this pull request Oct 21, 2025
Open
@aarongable aarongable marked this pull request as draft October 22, 2025 00:31
@aarongable aarongable marked this pull request as ready for review October 22, 2025 01:06
@aarongable
Copy link
Contributor Author

aarongable commented Oct 22, 2025
edited
Loading

I've updated this PR to make the serials index unique, and then rely on detecting duplicate inserts, like the first draft. I've updated IN-11835 to indicate that the new index should be unique. I think that including the index update in this PR, rather than as a predecessor PR that must be deployed first, is fine because the inserts into this table are still actually protected by the updates to the certificateStatus table. PTAnotherL?

jprenken
jprenken previously approved these changes Oct 22, 2025
View reviewed changes
@aarongable aarongable marked this pull request as draft October 28, 2025 22:13
jsha
jsha requested changes Oct 28, 2025
View reviewed changes
@aarongable aarongable requested review from jprenken and jsha October 28, 2025 23:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsha jsha jsha approved these changes

@jprenken jprenken jprenken approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aarongable @jsha @jprenken