boring icon indicating copy to clipboard operation
boring copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

boring: Support validating certificates against CRLs

Open ravi-signal opened this issue 3 years ago • 1 comments
trafficstars

Adds CRL types and validation of certificates against CRLs with a X509Store/X509StoreContext. Also enables customizing verification flags on the X509Store, required to enable CRL checking.

Apologies for dropping such a large PR here without discussion first — please let me know if you'd prefer an alternate approach, I'm happy to rework this.

ravi-signal avatar Jul 20 '22 15:07 ravi-signal

Rebased on master. We have some follow-up work after this goes in to improve support for certificate extensions, but it depends what you want to do with this first.

jrose-signal avatar Oct 12 '23 23:10 jrose-signal