You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
seankhliao
changed the title
Add a external API under tls or advancedtls package which can do CRL checking based on a input verified chain and Revocation list
proposal: crypto/tls: support for checking certificate chains against CRL revocation
Jul 24, 2024
Proposal Details
Provide an external api which can take a list of CRL and X509 certificate chain/s and does CRL validation as done in the following code flow:
https://github.com/grpc/grpc-go/blob/master/security/advancedtls/advancedtls.go#L579
the pointer to CRLs can be part of x509 verify options as well which is used in certificate.Verify() call.
https://pkg.go.dev/crypto/x509#Certificate.Verify
https://pkg.go.dev/crypto/x509#VerifyOptions
The text was updated successfully, but these errors were encountered: