The first patch normalizes the PEM encoding of certificates in enrolled.json. If we made this change alone there would be some 600 unnecessary attachment replacements in intermediates. The third patch changes how we decide when to upload a new attachment so that we will not make these replacements.
The second patch will cause us to set all of the crlite_enrolled flags to false in intermediates. This will have a one-time cost of causing clients to re-download the affected ~800 records (but not their attachments). There are many intermediates that get enrolled and then unenrolled from CRLite every few weeks due to the availability of their CRLs. So long term this change should reduce the load on intermediates.
The first patch normalizes the PEM encoding of certificates in
enrolled.json. If we made this change alone there would be some 600 unnecessary attachment replacements inintermediates. The third patch changes how we decide when to upload a new attachment so that we will not make these replacements.The second patch will cause us to set all of the
crlite_enrolledflags to false inintermediates. This will have a one-time cost of causing clients to re-download the affected ~800 records (but not their attachments). There are many intermediates that get enrolled and then unenrolled from CRLite every few weeks due to the availability of their CRLs. So long term this change should reduce the load onintermediates.Resolves #272 Resolves #273