-
Make the members of the major X.509 structures private, replacing struct member accesses with getters and setters.
This will allow flexibility in the implementation of certificate parsing. For exam…
-
I usually block OCSP responders as they are a security and privacy nightmare, however I recently noticed the Badblock Whitelist is whitelisting all of the endpoints Scott Helme's blacklist is supposed…
-
This bug is an umbrella/tracking bug, acting as a one-stop-shop to see progress on the multiple sub-tasks necessary to achieve this large-scale project.
OCSP carries with it two large disadvantages…
-
**Is your feature request related to a problem? Please describe.**
TLS uses certificate revocation lists (CRL) to identify and reject revoked certificates. If there is no possibility to specify a CRL…
-
**Description**
In a Bring your Own PKI scenario, a user may want to specify a CRL file (in addition to a fullchain file) that can be used to check if the certificate embedded in a signature arti…
-
### Proposal Details
Provide an external API which can take a list of CRLs and X509 certificate chain/s and does CRL validation as done in the following code flow:
https://github.com/grpc/grpc-go/b…
-
Are Let's Encrypt CRLs enrolled in CRLite?
Does FF perform CRLite revocation, or is it still used for telemetry, or is it used but falling back to OCSP still? Is OCSP fallback going to be removed?
…
-
Since we introduced CRL cache in Notation v1.3.0-rc.1 release, we should add back `NOTATION_CACHE` to our directory doc.
-
### What happened?
In my crowdsec setup, I'm using mTLS authentication with machine-specific certificates generated by a private CA (step-ca). My CA uses an intermediate certificate.
This CA confi…
-
Hello,
This question is about how OpenSSL verifies certificates in a PKI that uses CRLs, and in particular the verification of the root certificate. Consider the following structure (in brackets ar…
bruot updated
3 months ago