In order to limit disk usage that is unchecked at the moment the following measures will be in place:
CSR timeout: if the private key of a CSR can not be paired with a certificate response within a certain configurable timeframe, the private key will be deleted. A monotonic clock will be used for independence of system time
Size (MB) limit for certificates (configurable, with a default of 100MB), if the size limit is exceeded no further certificates will be installed
Garbage collector function, that receives a 'correct' real time in order to check certificate validity and delete expired ones
In the future a configurable limit on individual certificates can be set, when used in pair with libocpp, that limits the certificate count.
In order to limit disk usage that is unchecked at the moment the following measures will be in place:
In the future a configurable limit on individual certificates can be set, when used in pair with libocpp, that limits the certificate count.