I was doing some testing with bazel-remote, specifically around the issuance and revocation of mTLS client and server certs, and I noticed that even after revoking certs with my CA (which has OCSP enabled), secure connections still established locally. Looking through the implementation, in particular around here https://github.com/buchgr/bazel-remote/blob/ee98006e9f26746eca48ceb376283d9af35347e4/server/grpc.go#L215, I don't see any reference to OCSP, and I think it requires some additional implementation outside of checking the length of State.VerifiedChains regardless. Happy to share more details about my testing if it's relevant.
Could you confirm/deny whether OCSP is currently supported in any way by bazel-remote, and, if not, whether you'd be interested in an implementation of it?
Hi, I don't think OCSP is currently supported. I will have to do some reading to be sure, but I think such a feature would be welcome if you would like to try implementing it.
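An added example (not code from this thread or from bazel-remote) of the behaviour reported above: Go's standard chain verification returns a verified chain for a certificate its CA has revoked, so a separate revocation lookup is needed. A CRL lookup from the standard library stands in here for an OCSP query, which in Go needs golang.org/x/crypto/ocsp; `must`, `checkRevoked` and `Demo` are hypothetical names and the CA, client certificate and CRL are constructed in the code.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// checkRevoked is the step chain building skips: look the leaf up in the issuer's signed CRL.
func checkRevoked(leaf, issuer *x509.Certificate, crl *x509.RevocationList) error {
	err := crl.CheckSignatureFrom(issuer) // never act on revocation data the CA did not sign
	for _, e := range crl.RevokedCertificateEntries {
		if err == nil && e.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			err = fmt.Errorf("certificate serial %v is revoked", leaf.SerialNumber)
		}
	}
	return err
}

// Demo issues a constructed client cert, revokes it, and returns (verified chains, revocation verdict).
func Demo() (int, error) {
	now, eku := time.Now(), []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour)}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caT, caT, &caKey.PublicKey, caKey))))
	leafT := &x509.Certificate{SerialNumber: big.NewInt(42), NotBefore: caT.NotBefore, NotAfter: caT.NotAfter, ExtKeyUsage: eku}
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafT, ca, &leafKey.PublicKey, caKey))))
	crlT := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: leaf.SerialNumber, RevocationTime: now}}}
	crl := must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, crlT, ca, caKey))))
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return len(must(leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: eku}))), checkRevoked(leaf, ca, crl)
}

func main() { fmt.Println(Demo()) }
```

In a server, a check of this kind would run from the `tls.Config` `VerifyPeerCertificate` or `VerifyConnection` callback against the leaf of each verified chain.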