From 8891d5f4565d2dcd81cc784bc0e3a0c92e6b8c00 Mon Sep 17 00:00:00 2001 From: shankar0123 Date: Thu, 30 Apr 2026 05:22:10 +0000 Subject: [PATCH] fix(cert-export): satisfy staticcheck ST1022 on PKCS12CipherModernAES256 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Production hardening II Phase 11 verification — golangci-lint v2.11.4 flagged the const PKCS12CipherModernAES256 doc comment with ST1022 (comments on exported identifiers should start with the identifier name). Reformatted to lead with the const name; same content. Reproduced clean: 0 issues across handler/, service/, connector/issuer/local/, api/router/, ratelimit/. --- internal/service/export_audit_actions.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/service/export_audit_actions.go b/internal/service/export_audit_actions.go index 017a1d9..2a2ec33 100644 --- a/internal/service/export_audit_actions.go +++ b/internal/service/export_audit_actions.go @@ -50,11 +50,11 @@ const ( AuditActionCertExportFailed = "cert_export_failed" ) -// Cipher identifier emitted in the PKCS#12 export audit detail. -// Pinned here so a future dependency upgrade that silently changes -// the underlying go-pkcs12 default is caught by the audit drift -// review (operator notices the value diverging from what's -// advertised in docs/security.md). +// PKCS12CipherModernAES256 is the cipher identifier emitted in the +// PKCS#12 export audit detail. Pinned here so a future dependency +// upgrade that silently changes the underlying go-pkcs12 default is +// caught by the audit drift review (operator notices the value +// diverging from what's advertised in docs/crl-ocsp.md). // // pkcs12.Modern (the SSLMate library) produces AES-256-CBC PBE2 // with SHA-256 KDF. Documented in github.com/SSLMate/go-pkcs12 v0.7+.