proposal: crypto/tls: support for checking certificate chains against CRL revocation #68573

Open
macb2625 opened this issue Jul 24, 2024 · 2 comments
Labels: Proposal, Proposal-Crypto (Proposal related to crypto packages or other security issues)

macb2625 commented Jul 24, 2024

Proposal Details

Provide an external API which can take a list of CRLs and X.509 certificate chain(s) and do CRL validation, as done in the following code flow:
https://github.com/grpc/grpc-go/blob/master/security/advancedtls/advancedtls.go#L579
The pointer to the CRLs can be part of the x509 verify options as well, which are used in the certificate.Verify() call.
https://pkg.go.dev/crypto/x509#Certificate.Verify
https://pkg.go.dev/crypto/x509#VerifyOptions
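
A chain-versus-CRL check of the kind the proposal describes can be assembled from existing crypto/x509 calls; the sketch below is an added example, not part of the original issue and not code from Go or grpc-go. The names `checkChainCRL` and `demo`, the fail-closed policy, and the generated CA, leaf and CRL are assumptions of this example, and `RevokedCertificateEntries` requires Go 1.21 or later.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkChainCRL (hypothetical name) fails closed: each non-root cert of a verified, leaf-first chain needs a valid issuer CRL.
func checkChainCRL(chain []*x509.Certificate, crls []*x509.RevocationList) error {
	for i := 0; i+1 < len(chain); i++ {
		cert, issuer, covered := chain[i], chain[i+1], false
		for _, crl := range crls {
			if !bytes.Equal(crl.RawIssuer, issuer.RawSubject) || crl.CheckSignatureFrom(issuer) != nil || time.Now().After(crl.NextUpdate) {
				continue // other issuer, bad signature or stale: this CRL proves nothing about cert
			}
			covered = true
			for _, e := range crl.RevokedCertificateEntries {
				if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
					return fmt.Errorf("certificate %q (serial %v) is revoked", cert.Subject.CommonName, e.SerialNumber)
				}
			}
		}
		if !covered {
			return fmt.Errorf("no valid CRL from issuer of %q", cert.Subject.CommonName)
		}
	}
	return nil
}

// demo (hypothetical helper) builds constructed input: a CA, a leaf with serial 2, and a CRL revoking one serial.
func demo(revoked int64) ([]*x509.Certificate, []*x509.RevocationList) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // errors dropped below: every input is fixed
	now, end := time.Now(), time.Now().Add(time.Hour)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo CA"}, NotBefore: now, NotAfter: end, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, caT, caT, pub, key)
	ca, _ := x509.ParseCertificate(caDER) // parsed CA carries the SubjectKeyId that CreateRevocationList requires
	leafDER, _ := x509.CreateCertificate(rand.Reader, &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "leaf.example"}, NotBefore: now, NotAfter: end}, ca, pub, key)
	leaf, _ := x509.ParseCertificate(leafDER) // leaf reuses the CA key pair for brevity
	crlT := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: end, RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: big.NewInt(revoked), RevocationTime: now}}}
	crlDER, _ := x509.CreateRevocationList(rand.Reader, crlT, ca, key)
	crl, _ := x509.ParseRevocationList(crlDER) // parsing fills RawIssuer and the signed TBS bytes
	return []*x509.Certificate{leaf, ca}, []*x509.RevocationList{crl}
}
func main() { fmt.Println(checkChainCRL(demo(2))) } // the leaf's serial is on the CRL
```

Whether a certificate with no usable CRL should be rejected or allowed is a policy choice; this example rejects it.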

ianlancetaylor added the Proposal-Crypto label (Proposal related to crypto packages or other security issues) Jul 24, 2024
@ianlancetaylor
Contributor

CC @golang/security

seankhliao changed the title from "Add a external API under tls or advancedtls package which can do CRL checking based on a input verified chain and Revocation list" to "proposal: crypto/tls: support for checking certificate chains against CRL revocation" Jul 24, 2024
gopherbot added this to the Proposal milestone Jul 24, 2024
@gabyhelp

Related Issues and Documentation

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)
