Bump cfssl to 56268a6

vendor/github.com/cloudflare/cfssl/api/BUILD

@@ -29,6 +29,7 @@ filegroup(
         "//vendor/github.com/cloudflare/cfssl/api/crl:all-srcs",
         "//vendor/github.com/cloudflare/cfssl/api/gencrl:all-srcs",
         "//vendor/github.com/cloudflare/cfssl/api/generator:all-srcs",
+        "//vendor/github.com/cloudflare/cfssl/api/health:all-srcs",
         "//vendor/github.com/cloudflare/cfssl/api/info:all-srcs",
         "//vendor/github.com/cloudflare/cfssl/api/initca:all-srcs",
         "//vendor/github.com/cloudflare/cfssl/api/ocsp:all-srcs",

vendor/github.com/cloudflare/cfssl/api/client/client.go

@@ -105,14 +105,28 @@ func (srv *server) getURL(endpoint string) string {
 	return fmt.Sprintf("%s/api/v1/cfssl/%s", srv.URL, endpoint)
 }
 
-func (srv *server) createTransport() (transport *http.Transport) {
-	transport = new(http.Transport)
+func (srv *server) createTransport() *http.Transport {
+	// Start with defaults from http.DefaultTransport
+	transport := &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+			DualStack: true,
+		}).DialContext,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	}
 	// Setup HTTPS client
 	tlsConfig := srv.TLSConfig
 	tlsConfig.BuildNameToCertificate()
 	transport.TLSClientConfig = tlsConfig
 	// Setup Proxy
-	transport.Proxy = srv.proxy
+	if srv.proxy != nil {
+		transport.Proxy = srv.proxy
+	}
 	return transport
 }
 

vendor/github.com/cloudflare/cfssl/api/health/BUILD

@@ -0,0 +1,24 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["health.go"],
+    importmap = "k8s.io/kubernetes/vendor/github.com/cloudflare/cfssl/api/health",
+    importpath = "github.com/cloudflare/cfssl/api/health",
+    visibility = ["//visibility:public"],
+    deps = ["//vendor/github.com/cloudflare/cfssl/api:go_default_library"],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)

vendor/github.com/cloudflare/cfssl/api/health/health.go

@@ -0,0 +1,26 @@
+package health
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/cloudflare/cfssl/api"
+)
+
+// Response contains the response to the /health API
+type Response struct {
+	Healthy bool `json:"healthy"`
+}
+
+func healthHandler(w http.ResponseWriter, r *http.Request) error {
+	response := api.NewSuccessResponse(&Response{Healthy: true})
+	return json.NewEncoder(w).Encode(response)
+}
+
+// NewHealthCheck creates a new handler to serve health checks.
+func NewHealthCheck() http.Handler {
+	return api.HTTPHandler{
+		Handler: api.HandlerFunc(healthHandler),
+		Methods: []string{"GET"},
+	}
+}

vendor/github.com/cloudflare/cfssl/api/revoke/revoke.go

@@ -113,7 +113,7 @@ func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) error {
 			return err
 		}
 
-		// We parse the OCSP repsonse in order to get the next
+		// We parse the OCSP response in order to get the next
 		// update time/expiry time
 		ocspParsed, err := stdocsp.ParseResponse(ocspResponse, nil)
 		if err != nil {