SNOW-3215001 defaultCrlDownloadMaxSize of 20MB instead of 200 (snowflakedb#1735)

### Description

* Reduced the default `CrlDownloadMaxSize` from 200MB to 20MB, as the
previous value was set too high and could cause out-of-memory issues.
* Fixed related documentation and comments.

### Checklist
- [x] Added proper logging (if possible)
- [x] Created tests which fail without the change (if possible)
- [x] Extended the README / documentation, if necessary

Author: sfc-gh-rsavenok

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## Upcoming Release
 
+Bug fixes:
+
+- Fixed default `CrlDownloadMaxSize` to be 20MB instead of 200MB, as the previous value was set too high and could cause out-of-memory issues (snowflakedb/gosnowflake#1735)
+
 Internal changes:
 
 - Moved configuration to a dedicated internal package (snowflakedb/gosnowflake#1720).
@@ -12,7 +16,7 @@ Breaking changes:
 
 - Removed `RaisePutGetError` from `SnowflakeFileTransferOptions` - current behaviour is aligned to always raise errors for PUT/GET operations (snowflakedb/gosnowflake#1690).
 - Removed `GetFileToStream` from `SnowflakeFileTransferOptions` - using `WithFileGetStream` automatically enables file streaming for GETs (snowflakedb/gosnowflake#1690).
-- Renamed `WithFileStream` to `WithFilePutStream` for consistency (snowflakedb/gosnowflake#1690). 
+- Renamed `WithFileStream` to `WithFilePutStream` for consistency (snowflakedb/gosnowflake#1690).
 - `Array` function now returns error for unsupported types (snowflakedb/gosnowflake#1693).
 - `WithMultiStatement` does not return error anymore (snowflakedb/gosnowflake#1693).
 - `WithOriginalTimestamp` is removed, use `WithArrowBatchesTimestampOption(UseOriginalTimestamp)` instead (snowflakedb/gosnowflake#1693).

crl.go

@@ -156,7 +156,7 @@ const (
 	defaultCrlHTTPClientTimeout       = 10 * time.Second
 	defaultCrlCacheValidityTime       = 24 * time.Hour
 	defaultCrlOnDiskCacheRemovalDelay = 7 * time.Hour
-	defaultCrlDownloadMaxSize         = 200 * 1024 * 1024 // 200 MB
+	defaultCrlDownloadMaxSize         = 20 * 1024 * 1024 // 20 MB
 )
 
 func (cv *crlValidator) verifyPeerCertificates(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {

doc.go

@@ -143,7 +143,7 @@ The following connection parameters are supported:
 
   - crlOnDiskCacheDisabled: set to disable on-disk caching of CRLs (on-disk cache may help with cold starts).
 
-  - crlDownloadMaxSize: maximum size (in bytes) of a CRL to download. Default is 200MB.
+  - crlDownloadMaxSize: maximum size (in bytes) of a CRL to download. Default is 20MB.
 
   - SNOWFLAKE_CRL_ON_DISK_CACHE_DIR (environment variable): set to customize the directory for on-disk caching of CRLs.
 

internal/config/config.go

@@ -107,7 +107,7 @@ type Config struct {
 	CrlAllowCertificatesWithoutCrlURL Bool                    // Allow certificates (not short-lived) without CRL DP included to be treated as correct ones
 	CrlInMemoryCacheDisabled          bool                    // Should the in-memory cache be disabled
 	CrlOnDiskCacheDisabled            bool                    // Should the on-disk cache be disabled
-	CrlDownloadMaxSize                int                     // Max size in bytes of CRL to download. 0 means no limit. Default is 0.
+	CrlDownloadMaxSize                int                     // Max size in bytes of CRL to download. 0 means use default (20MB).
 	CrlHTTPClientTimeout              time.Duration           // Timeout for HTTP client used to download CRL
 
 	ConnectionDiagnosticsEnabled       bool   // Indicates whether connection diagnostics should be enabled