Here are the steps to implement the revocation checks with OCSP:
Check if certificate validation can be intercepted to add revocation checks (Yes. TLSClientConfig including verifyPeerCertificate can be injected in Client)
Extract OCSP URL from the certificate
Make sure OCSP Request can be composed.
Make sure a simple roundtrip with OCSP server returns OCSP Response and can be decoded.
Make sure OCSP Response can include enough information to validate the revocation status.
Implement concurrent OCSP round trips for chained certificates.
Implement caching the results in a cache directory
Issue description
TLS connection must be validated with OCSP/CRL (unless Go's library does)
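The hook injection and the concurrent walk over chained certificates from the steps above, as an added example that is not part of the original issue or the project's code. `VerifyWithOCSP`, `CheckFunc` and `ErrUnchecked` are hypothetical names, the single OCSP round trip is left behind `CheckFunc`, and failing closed when a certificate names no responder or no chain was verified is an assumed policy.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
)

// CheckFunc is a hypothetical seam for one OCSP round trip (compose, send, decode).
type CheckFunc func(url string, cert, issuer *x509.Certificate) error

var ErrUnchecked = errors.New("revocation status could not be checked")

// VerifyWithOCSP builds a tls.Config.VerifyPeerCertificate hook that checks every
// certificate below the root concurrently. Assumed policy: fail closed.
func VerifyWithOCSP(check CheckFunc) func([][]byte, [][]*x509.Certificate) error {
	return func(_ [][]byte, chains [][]*x509.Certificate) error {
		if len(chains) == 0 { // e.g. InsecureSkipVerify set: nothing was verified
			return ErrUnchecked
		}
		results, pending := make(chan error), 0
		for _, chain := range chains {
			for i := 0; i+1 < len(chain); i++ {
				cert, issuer := chain[i], chain[i+1] // the root itself is not queried
				pending++
				go func() {
					if len(cert.OCSPServer) == 0 { // no responder URL in the certificate
						results <- ErrUnchecked
						return
					}
					results <- check(cert.OCSPServer[0], cert, issuer)
				}()
			}
		}
		var errs []error
		for ; pending > 0; pending-- {
			errs = append(errs, <-results) // errors.Join drops nil entries
		}
		return errors.Join(errs...)
	}
}

func main() {
	// Constructed sample chain (leaf, root); the URL is a placeholder.
	leaf := &x509.Certificate{OCSPServer: []string{"http://ocsp.example.test"}}
	hook := VerifyWithOCSP(func(string, *x509.Certificate, *x509.Certificate) error { return nil })
	cfg := &tls.Config{VerifyPeerCertificate: hook} // how the hook is injected
	fmt.Println(cfg.VerifyPeerCertificate(nil, [][]*x509.Certificate{{leaf, {}}}))
}
```

A real `CheckFunc` could be built on `golang.org/x/crypto/ocsp` (`CreateRequest`, `ParseResponseForCert`), which is outside the standard library.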