Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

system: trust: OCSP support for integrated services using certificates, e.g. OpenVPN #7114

Closed
2 tasks done
fichtner opened this issue Jan 3, 2024 · 0 comments
Closed
2 tasks done

system: trust: OCSP support for integrated services using certificates, e.g. OpenVPN #7114

fichtner opened this issue Jan 3, 2024 · 0 comments
Assignees
@AdSchellevis
Labels
feature Adding new functionality roadmap Major roadmap item
Milestone
24.1

Comments

@fichtner
Copy link
Member

fichtner commented Jan 3, 2024

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Is your feature request related to a problem? Please describe.

OCSP can help verify integrity of certificates, for details see a POC for OpenVPN #7082

Describe the solution you like

Add a simple validator function ocsp_validate() and implement an optional check for the OpenVPN TLS verification script.

Describe alternatives you considered

N/A

Additional context

N/A
@fichtner fichtner added feature Adding new functionality roadmap Major roadmap item labels Jan 3, 2024
@fichtner fichtner added this to the 24.1 milestone Jan 3, 2024
@fichtner fichtner linked a pull request Jan 3, 2024 that will close this issue
f/u to #6838 : implement ocsp check in tls_verify.php #7082
Closed
AdSchellevis added a commit that referenced this issue Jan 3, 2024
@AdSchellevis
VPN: OpenVPN: Instances - add (optional) ocsp check (#7082, #7114)
318a1ae 
* initial implementation, needs some testing.
AdSchellevis added a commit that referenced this issue Jan 4, 2024
@AdSchellevis
System: Trust: Revocation - add ocsp index.txt file download, needed …
da5b772 
…for demonstration purposes (#7114)
AdSchellevis added a commit that referenced this issue Jan 4, 2024
@AdSchellevis
VPN: OpenVPN: Instances - (optional) ocsp check, make sure to flush o…
043a3dd 
…ur CA when ocsp is enabled and improve logging (#7082, #7114)
AdSchellevis added a commit that referenced this issue Jan 4, 2024
@AdSchellevis
System: Trust: Revocation - add ocsp index.txt file download, needed …
c643f94 
…for demonstration purposes (#7114), minor bugfix in previous
AdSchellevis added a commit that referenced this issue Jan 4, 2024
@AdSchellevis
System: Trust: Revocation - add ocsp index.txt file download, needed …
57f0175 
…for demonstration purposes (#7114), minor bugfix in previous
AdSchellevis added a commit that referenced this issue Jan 4, 2024
@AdSchellevis
VPN: OpenVPN: Instances - (optional) ocsp check, fix "pass" criteria,…
c912a26 
… result should be good and verified. (#7082, #7114)
AdSchellevis added a commit that referenced this issue Jan 4, 2024
@AdSchellevis
VPN: OpenVPN: Instances - (optional) ocsp check, fix "pass" criteria,…
272532c 
… result should be good and verified. (#7082, #7114)
AdSchellevis added a commit that referenced this issue Jan 4, 2024
@AdSchellevis
VPN: OpenVPN: Instances - (optional) ocsp check, fix "pass" criteria,…
43a1743 
… result should be good and verified. (#7082, #7114)
fichtner pushed a commit that referenced this issue Mar 12, 2024
@AdSchellevis @fichtner
VPN: OpenVPN: Instances - add (optional) ocsp check (#7082, #7114)
20d198f 
* initial implementation, needs some testing.
fichtner pushed a commit that referenced this issue Mar 12, 2024
@AdSchellevis @fichtner
System: Trust: Revocation - add ocsp index.txt file download, needed …
3c5c765 
…for demonstration purposes (#7114)
fichtner pushed a commit that referenced this issue Mar 12, 2024
@AdSchellevis @fichtner
VPN: OpenVPN: Instances - (optional) ocsp check, make sure to flush o…
e85d253 
…ur CA when ocsp is enabled and improve logging (#7082, #7114)
fichtner pushed a commit that referenced this issue Mar 12, 2024
@AdSchellevis @fichtner
System: Trust: Revocation - add ocsp index.txt file download, needed …
ed31096 
…for demonstration purposes (#7114), minor bugfix in previous
fichtner pushed a commit that referenced this issue Mar 12, 2024
@AdSchellevis @fichtner
VPN: OpenVPN: Instances - (optional) ocsp check, fix "pass" criteria,…
8265ca6 
… result should be good and verified. (#7082, #7114)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AdSchellevis AdSchellevis

Labels
feature Adding new functionality roadmap Major roadmap item
Milestone
24.1
Development

Successfully merging a pull request may close this issue.

f/u to #6838 : implement ocsp check in tls_verify.php zerwes/opnsense-core
2 participants
@fichtner @AdSchellevis