Remove requirement for IncludeCRLDistributionPoints config (#8462)

The IncludeCRLDistributionPoints config item is ignored -- we include a
CRLDP no matter what. Therefore the stanza requiring that one be set in
the config is redundant and useless, and prevents us from cleaning up
that config item.

It is likely that, if and when we address
#7673 to drop the CRLDP
from short-lived certs, we will use a new "OmitRevocation" config field.

Author: aarongable

issuance/cert.go

@@ -102,14 +102,6 @@ func NewProfile(profileConfig ProfileConfig) (*Profile, error) {
 		return nil, fmt.Errorf("validity period %q is too large", profileConfig.MaxValidityPeriod.Duration)
 	}
 
-	// Although the Baseline Requirements say that revocation information may be
-	// omitted entirely *for short-lived certs*, the Microsoft root program still
-	// requires that at least one revocation mechanism be included in all certs.
-	// TODO(#7673): Remove this restriction.
-	if !profileConfig.IncludeCRLDistributionPoints {
-		return nil, fmt.Errorf("at least one revocation mechanism must be included")
-	}
-
 	lints, err := linter.NewRegistry(profileConfig.IgnoredLints)
 	cmd.FailOnError(err, "Failed to create zlint registry")
 	if profileConfig.LintConfig != "" {

issuance/cert_test.go

@@ -941,15 +941,6 @@ func TestNewProfile(t *testing.T) {
 			},
 			wantErr: "validity period \"9528h0m0s\" is too large",
 		},
-		{
-			name: "no revocation info",
-			config: ProfileConfig{
-				MaxValidityBackdate:          config.Duration{Duration: 1 * time.Hour},
-				MaxValidityPeriod:            config.Duration{Duration: 90 * 24 * time.Hour},
-				IncludeCRLDistributionPoints: false,
-			},
-			wantErr: "revocation mechanism must be included",
-		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			gotProfile, gotErr := NewProfile(tc.config)