Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validation of CRL-related chains on clients that do not support CRL #126

Open
2 tasks
zacikpa opened this issue Nov 29, 2021 · 1 comment
Open
2 tasks

Validation of CRL-related chains on clients that do not support CRL #126

zacikpa opened this issue Nov 29, 2021 · 1 comment
Assignees
@zacikpa
Labels
bug Something isn't working enhancement New feature or request

Comments

@zacikpa
Copy link
Contributor

zacikpa commented Nov 29, 2021

Currently, all clients validate CRL-related chains, but only the OpenSSL one supports CRL checking. This results in false mappings (see e.g. erroneous certificates for Botan error VERIFIED.

The steps should be as follows:

  • Disable the validation of these certs on all clients except OpenSSL (in vconfig.yml)
  • Implement CRL checking in the remaining clients and only then enable the validation
@zacikpa zacikpa added bug Something isn't working enhancement New feature or request labels Nov 29, 2021
@zacikpa zacikpa self-assigned this Nov 29, 2021
@mukrop
Copy link
Member

mukrop commented Nov 29, 2021

I see the first point here as rather important.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zacikpa zacikpa

Labels
bug Something isn't working enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mukrop @zacikpa