Open macb2625 opened 1 month ago
Provide an external API which can take a list of CRLs and X509 certificate chain(s) and do CRL validation as done in the following code flow: https://github.com/grpc/grpc-go/blob/master/security/advancedtls/advancedtls.go#L579

The pointer to the CRLs can be part of the x509 verify options as well, which are used in the certificate.Verify() call: https://pkg.go.dev/crypto/x509#Certificate.Verify https://pkg.go.dev/crypto/x509#VerifyOptions
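
An added example, not part of the original issue and not grpc-go or Go project code: checking one chain, as returned leaf-first by Certificate.Verify, against caller-supplied CRLs using what crypto/x509 exposes today (Go 1.21 or later). The names checkChain and sample, the fail-closed handling of a missing or stale CRL, and the generated CA, leaf and CRL are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkChain is a hypothetical helper, not a crypto/x509 API. chain is leaf-first, root last.
func checkChain(chain []*x509.Certificate, crls []*x509.RevocationList, now time.Time) error {
	for i := 0; i+1 < len(chain); i++ {
		cert, issuer, covered := chain[i], chain[i+1], false
		for _, crl := range crls {
			if crl.CheckSignatureFrom(issuer) == nil && !now.After(crl.NextUpdate) {
				covered = true // a current CRL that verifies under this issuer's key
				for _, e := range crl.RevokedCertificateEntries {
					if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
						return fmt.Errorf("%q (serial %v) is revoked", cert.Subject.CommonName, cert.SerialNumber)
					}
				}
			}
		}
		if !covered { // assumption: undetermined revocation status fails closed
			return fmt.Errorf("no current CRL from %q", issuer.Subject.CommonName)
		}
	}
	return nil
}

// sample returns a constructed CA, a leaf with serial 2, and a CRL listing revokedSerial.
func sample(revokedSerial int64) ([]*x509.Certificate, []*x509.RevocationList, time.Time) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // fixture only: one key pair, errors ignored
	now := time.Now()
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour)}
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "leaf"}, NotBefore: caT.NotBefore, NotAfter: caT.NotAfter}
	caDER, _ := x509.CreateCertificate(rand.Reader, caT, caT, pub, priv)
	ca, _ := x509.ParseCertificate(caDER)
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafT, ca, pub, priv)
	leaf, _ := x509.ParseCertificate(leafDER)
	crlDER, _ := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: caT.NotBefore, NextUpdate: caT.NotAfter,
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: big.NewInt(revokedSerial), RevocationTime: now}}}, ca, priv)
	crl, _ := x509.ParseRevocationList(crlDER)
	return []*x509.Certificate{leaf, ca}, []*x509.RevocationList{crl}, now
}
func main() { fmt.Println(checkChain(sample(2))) }
```

checkChain does no path validation of its own, so it should only be given a chain that Certificate.Verify has already accepted.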
CC @golang/security