Do not delete certificates when user is deleted; set them to be

revoked so that the CRL generation will add them to the CRL. They will be pruned by the nightly dbcheck.

Do not delete certificates when user is deleted; set them to be
revoked so that the CRL generation will add them to the CRL. They will be pruned by the nightly dbcheck.
5061c6e5 · Leigh B. Stoller · e1e60cfc · 5061c6e5
Commit 5061c6e5 authored Nov 17, 2008 by Leigh B. Stoller
--- a/db/User.pm.in
+++ b/db/User.pm.in
@@ -583,7 +583,14 @@ sub Purge($)
 	or return -1;
    DBQueryWarn("delete from user_sfskeys  where uid_idx='$uid_idx'")
 	or return -1;
-    DBQueryWarn("delete from user_sslcerts where uid_idx='$uid_idx'")
+
+    #
+    # Do not delete certs; we need them around so we can generte the CRLS.
+    # Just set the revoked flag for them. At some point we need to prune
+    # the table.
+    #
+    DBQueryWarn("update user_sslcerts set revoked=now() ".
+		"where uid_idx='$uid_idx' and revoked is null")
 	or return -1;

    #