@FiloSottile
Owner

No description provided.

@FiloSottile FiloSottile requested a review from Copilot July 4, 2025 14:52
Copilot AI left a comment

Pull Request Overview

This PR adds persistence, dynamic reloading, and CCADB-based updating of trusted root certificates for the CT log.

  • Persist initial empty roots in object storage (_roots.pem) during log creation
  • Introduce thread-safe in-memory root pool with SetRootsFromPEM and rootPool
  • Add SIGHUP reload and periodic CCADB/ExtraRoots fetching in the CLI

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| internal/ctlog/testlog_test.go | Update tests to initialize roots via SetRootsFromPEM |
| internal/ctlog/http.go | Switch chain validation and root endpoint to use rootPool() |
| internal/ctlog/ctlog_test.go | Adjust sequence upload path tests to include _roots.pem |
| internal/ctlog/ctlog.go | Add _roots.pem upload/fetch, in-memory root pool, and reloads |
| cmd/sunlight/sunlight.go | Implement SIGHUP root reload logic and CCADBRoots/ExtraRoots flags |
| cmd/sunlight/roots.go | Implement CCADB/ExtraRoots fetching and merging into pool |
| cmd/sunlight/roots_test.go | Add tests for CCADBRoots |

@FiloSottile FiloSottile merged commit 11a172f into main Jul 4, 2025
2 checks passed
@FiloSottile FiloSottile deleted the push-xwxmlorlotnv branch November 8, 2025 13:07