Open zmstone opened 2 years ago
We had a few customers ask for client certificate revocation support.
There are a few options for us to support it:
1. Make use of Erlang's builtin CRL check and cache functionality: https://www.erlang.org/doc/man/ssl.html#type-crl_check https://www.erlang.org/doc/man/ssl.html#type-crl_cache_opts
2. Like 1, but implement the cache callbacks ourselves.
3. Provide a custom verify callback in the SSL options, and implement our own check and cache (https://www.erlang.org/doc/man/ssl.html#type-custom_verify), returning {revoked, _} in case the cert is revoked.

No matter how it is implemented, we should have a configuration and an HTTP API to interface with the users.
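A sketch of the third option above, added here as an illustration; it is not code from the issue or from the project. The module name, the ETS table and the `init/0` and `revoke/2` helpers are hypothetical stand-ins for "our own check and cache", and the `{revoked, Reason}` value is wrapped in `{fail, ...}` as the `verify_fun` contract in the ssl documentation requires.

```erlang
-module(revocation_verify_example).
-export([init/0, revoke/2, ssl_opts/0, verify/3]).

-include_lib("public_key/include/public_key.hrl").

%% Hypothetical ETS table acting as the local cache of revoked certificates.
-define(TAB, revoked_certs_example).

%% Create the cache. The calling process owns the table and must stay alive.
init() ->
    ?TAB = ets:new(?TAB, [named_table, public, set, {read_concurrency, true}]),
    ok.

%% Mark a DER-encoded certificate as revoked, e.g. from an HTTP API handler.
%% Reason is a crl_reason() atom such as keyCompromise or superseded.
revoke(DerCert, Reason) when is_binary(DerCert), is_atom(Reason) ->
    Cert = public_key:pkix_decode_cert(DerCert, otp),
    true = ets:insert(?TAB, {cert_key(Cert), Reason}),
    ok.

%% Server-side options: require a client certificate and run verify/3 on it.
ssl_opts() ->
    [{verify, verify_peer},
     {fail_if_no_peer_cert, true},
     {verify_fun, {fun ?MODULE:verify/3, []}}].

%% Path validation already failed: keep failing with the original reason.
verify(_Cert, {bad_cert, _} = Reason, _State) ->
    {fail, Reason};
%% Extensions unknown to the application are left to the default handling.
verify(_Cert, {extension, _}, State) ->
    {unknown, State};
%% 'valid' is reported for CA certificates in the chain, 'valid_peer' for the
%% client certificate. Checking both also rejects a revoked intermediate.
verify(Cert, Event, State) when Event =:= valid; Event =:= valid_peer ->
    case ets:lookup(?TAB, cert_key(Cert)) of
        [{_Key, Reason}] -> {fail, {revoked, Reason}};
        [] -> {valid, State}
    end.

%% A serial number is only unique per issuer, so the key is {Issuer, Serial}.
cert_key(#'OTPCertificate'{tbsCertificate = TBS}) ->
    #'OTPTBSCertificate'{serialNumber = Serial, issuer = Issuer} = TBS,
    {public_key:pkix_normalize_name(Issuer), Serial}.
```

With this approach the revocation list is only as fresh as whatever calls `revoke/2`, and a certificate revoked after the handshake stays connected until the session is closed.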