Add an index on serials to the revokedCertificates table #8427
Merged
aarongable merged 1 commit into main from Oct 2, 2025
Contributor
@aarongable, this PR appears to contain configuration and/or SQL schema changes. Please ensure that a corresponding deployment ticket has been filed with the new values.
80156d2 to d8c5e81
jsha approved these changes Oct 2, 2025
| -- +migrate Up | ||
| -- SQL in section 'Up' is executed when this migration is applied | ||
|
|
||
| ALTER TABLE `revokedCertificates` ADD KEY `serial` (`serial`); |
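Review bot: The `ADD KEY` on the `ALTER TABLE` line creates a non-unique index, so nothing in the schema prevents two rows for the same serial; a short SQL comment above the statement saying that uniqueness is left to the revocation code path would keep a later reader from assuming the index enforces it. Only the `Up` section is visible in this hunk, so also confirm that the `Down` section drops the same key name, `serial`.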
Contributor
Note: I'd expected to see ADD UNIQUE KEY. But, if I'm remembering correctly, with partitioning we can't use UNIQUE KEYs other than the primary one. So for instance certificateStatus has a KEY on serial but not a UNIQUE one.
For certificateStatus we deal with that by using an UPDATE. That code also protects revokedCertificates from having duplicates. As we switch to revokedCertificates we'll want to make sure that revocations open a transaction, do a SELECT to make sure the row doesn't yet exist, and then INSERT.
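The transaction, SELECT, then INSERT sequence described in the comment above, as an added example that is not the project's code. SQLite stands in for the production database so it runs offline; every column except `serial`, the helper names, and the sample serial are assumptions.

```python
import sqlite3

# Constructed stand-in schema: column names other than `serial` are assumptions,
# and SQLite replaces the production database so the example runs offline.
SCHEMA = """
CREATE TABLE revokedCertificates (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    serial TEXT NOT NULL,
    revokedDate TEXT NOT NULL,
    revokedReason INTEGER NOT NULL
);
CREATE INDEX serial ON revokedCertificates (serial);  -- non-unique, as in the PR
"""

def open_db():
    # isolation_level=None puts the connection in autocommit mode, so the
    # transaction boundaries below are explicit.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    return conn

def revoke(conn, serial, revoked_date, reason):
    """Insert a row only if the serial has none yet; True if inserted."""
    # BEGIN IMMEDIATE takes the write lock before the SELECT, so no other
    # writer can insert between the existence check and the INSERT.
    conn.execute("BEGIN IMMEDIATE")
    try:
        row = conn.execute(
            "SELECT 1 FROM revokedCertificates WHERE serial = ? LIMIT 1",
            (serial,),
        ).fetchone()
        if row is not None:
            conn.execute("ROLLBACK")
            return False
        conn.execute(
            "INSERT INTO revokedCertificates (serial, revokedDate, revokedReason)"
            " VALUES (?, ?, ?)",
            (serial, revoked_date, reason),
        )
        conn.execute("COMMIT")
        return True
    except Exception:
        conn.execute("ROLLBACK")
        raise

def count(conn, serial):
    return conn.execute(
        "SELECT COUNT(*) FROM revokedCertificates WHERE serial = ?", (serial,)
    ).fetchone()[0]
```

SQLite serializes writers with `BEGIN IMMEDIATE`; on a multi-connection server database the same guarantee requires the SELECT to be a locking read, since a plain SELECT does not stop another connection from inserting between the check and the INSERT.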
jprenken approved these changes Oct 2, 2025
Give the `revokedCertificates` table a non-unique index on the `serial` column. This exactly matches the existing index on the `certificateStatus` table.

We did not include this index initially because we were optimizing this table for the crl-updater's crawl-by-shard-and-expiration behavior, but this index is necessary to look up if a certificate has already been revoked when computing ARI windows and when processing revocation requests.
Part of #8322
IN-11835 tracks the corresponding production schema changes