From 28bef6356923677fd414ffaed059342ad5e002be Mon Sep 17 00:00:00 2001
From: shankar0123 <skreddy040@gmail.com>
Date: Sun, 22 Mar 2026 19:06:37 -0400
Subject: [PATCH] fix: handle 'not found' errors as 404 in CRL/OCSP handlers

The error routing only checked for "issuer not found" but not
"certificate not found", causing cert-not-found errors to fall
through to a generic 500. Broadened the check to match any
"not found" error string for both CRL and OCSP handlers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 internal/api/handler/certificates.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/api/handler/certificates.go b/internal/api/handler/certificates.go
index 0dae812..4411366 100644
--- a/internal/api/handler/certificates.go
+++ b/internal/api/handler/certificates.go
@@ -464,7 +464,7 @@ func (h CertificateHandler) GetDERCRL(w http.ResponseWriter, r *http.Request) {
 	derBytes, err := h.svc.GenerateDERCRL(issuerID)
 	if err != nil {
 		errMsg := err.Error()
-		if strings.Contains(errMsg, "issuer not found") {
+		if strings.Contains(errMsg, "not found") {
 			Error(w, http.StatusNotFound, errMsg)
 			return
 		}
@@ -504,7 +504,7 @@ func (h CertificateHandler) HandleOCSP(w http.ResponseWriter, r *http.Request) {
 	derBytes, err := h.svc.GetOCSPResponse(issuerID, serialHex)
 	if err != nil {
 		errMsg := err.Error()
-		if strings.Contains(errMsg, "issuer not found") {
+		if strings.Contains(errMsg, "not found") {
 			Error(w, http.StatusNotFound, errMsg)
 			return
 		}