Skip to content

Remove support for temporally-sharded CRLs #8400

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aarongable merged 1 commit into from
Sep 23, 2025
Merged

Remove support for temporally-sharded CRLs #8400

aarongable merged 1 commit into from
Sep 23, 2025

Conversation

@aarongable
Copy link
Contributor

@aarongable aarongable commented Sep 11, 2025
edited
Loading

In crl-updater, delete the code which computes the set of temporal chunks that belong to a shard, which queries the database for revoked certs falling into those chunks, and which combines and deduplicates those results against the revoked certs from explicit shards.

In the SA, make the ShardIdx argument to RevokeCertificate and UpdateRevokedCertificate fully mandatory, and make updating the revokedCertificates table unconditional.

This paves the way for deleting the sa.GetMaxExpiration and sa.GetRevokedCerts methods, which were only called from code deleted by this change.

IN-11747 tracks the corresponding config change in prod.

Part of #8399
Part of #8322

@aarongable aarongable marked this pull request as ready for review September 11, 2025 23:51
@aarongable aarongable requested a review from a team as a code owner September 11, 2025 23:51
This was referenced Sep 11, 2025
Merged
Open
Merged
@aarongable aarongable requested a review from jprenken September 22, 2025 23:17
@aarongable aarongable merged commit b999183 into main Sep 23, 2025
15 checks passed
@aarongable aarongable deleted the all-explicit-sharding branch September 23, 2025 16:38
@jsha jsha mentioned this pull request Oct 20, 2025
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsha jsha jsha approved these changes

@jprenken jprenken jprenken approved these changes

@beautifulentropy beautifulentropy Awaiting requested review from beautifulentropy beautifulentropy is a code owner automatically assigned from letsencrypt/boulder-developers

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aarongable @jsha @jprenken