Certificate revocation handling through CRL or OCSP

Open jalas167 opened this issue 3 years ago • 1 comments

OpenSSL can handle certificate revocation by calling a hosted CRL file or an OCSP service. We will most likely need to host a CRL file or expose an OCSP service and access one of them from ya-provider.

jalas167 avatar Jul 20 '22 08:07 jalas167

The missing feature allowing a CRL to be read from a file is waiting to be merged into the rust openssl lib: https://github.com/sfackler/rust-openssl/pull/1123

The problem is that CRLs usually have a short expiration date, so providers should be able to handle the certificate property named crlDistributionPoints: https://jamielinux.com/docs/openssl-certificate-authority/certificate-revocation-lists.html#prepare-the-configuration-file

pwalski avatar Aug 03 '22 10:08 pwalski
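The crlDistributionPoints property mentioned in the comment above is a DER-encoded extension that tells a verifier where to fetch a fresh CRL. The following is an added example, not part of this thread and not yagna or rust-openssl code: a std-only Rust sketch that extracts the URIs from such an extension value. The function names and the sample bytes and URL are constructed for illustration.

```rust
// Added example with constructed sample data; layout per RFC 5280, section 4.2.1.13.
/// Read one DER TLV; returns (tag, content, remaining bytes).
fn read_tlv(buf: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, rest) = buf.split_first()?;
    let (&first, rest) = rest.split_first()?;
    let (len, rest) = if first < 0x80 {
        (first as usize, rest)
    } else {
        let n = (first & 0x7f) as usize; // long form: n length bytes follow
        if n == 0 || n > 2 || rest.len() < n { return None; }
        (rest[..n].iter().fold(0usize, |a, &b| (a << 8) | b as usize), &rest[n..])
    };
    if rest.len() < len { return None; }
    Some((tag, &rest[..len], &rest[len..]))
}

/// Collect every URI GeneralName listed in a CRLDistributionPoints value.
fn crl_uris(ext_value: &[u8]) -> Option<Vec<String>> {
    let mut uris = Vec::new();
    let (tag, mut points, _) = read_tlv(ext_value)?;
    if tag != 0x30 { return None; } // SEQUENCE OF DistributionPoint
    while !points.is_empty() {
        let (tag, mut fields, rest) = read_tlv(points)?;
        if tag != 0x30 { return None; }
        points = rest;
        while !fields.is_empty() {
            let (tag, body, rest) = read_tlv(fields)?;
            fields = rest;
            if tag != 0xa0 { continue; } // skip reasons [1], cRLIssuer [2]
            let (tag, mut names, _) = read_tlv(body)?;
            if tag != 0xa0 { continue; } // only fullName [0] holds GeneralNames
            while !names.is_empty() {
                let (tag, name, rest) = read_tlv(names)?;
                names = rest;
                if tag == 0x86 { uris.push(String::from_utf8(name.to_vec()).ok()?); }
            }
        }
    }
    Some(uris)
}

/// Helpers that build a constructed sample value (all lengths below 128).
fn tlv(tag: u8, content: &[u8]) -> Vec<u8> {
    [&[tag, content.len() as u8][..], content].concat()
}
fn sample_extension() -> Vec<u8> {
    let mut dp = tlv(0xa0, &tlv(0xa0, &tlv(0x86, b"http://crl.example.test/ca.crl")));
    dp.extend(tlv(0x81, &[0x06, 0x40])); // reasons [1], skipped by the parser
    tlv(0x30, &tlv(0x30, &dp))
}
fn main() { println!("{:?}", crl_uris(&sample_extension())); }
```

A verifier would fetch the CRL from one of the returned URIs and still has to check the CRL's signature and validity window before trusting it.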

Not relevant anymore. Closing in favor of #2156

evik42 avatar Mar 01 '23 10:03 evik42