golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

proposal: crypto/tls: support for checking certificate chains against CRL revocation #68573

Open macb2625 opened 1 month ago

macb2625 commented 1 month ago

Proposal Details

Provide an external API which can take a list of CRLs and X509 certificate chain/s and does CRL validation as done in the following code flow:
https://github.com/grpc/grpc-go/blob/master/security/advancedtls/advancedtls.go#L579

The pointer to CRLs can be part of the x509 verify options as well, which is used in the certificate.Verify() call.
https://pkg.go.dev/crypto/x509#Certificate.Verify
https://pkg.go.dev/crypto/x509#VerifyOptions

ianlancetaylor commented 1 month ago

CC @golang/security

gabyhelp commented 1 month ago

Related Issues and Documentation

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)