-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[revocation] Implement CRL support #125
Milestone
Comments
This was referenced Feb 28, 2023
@priteshbandi Do you have any plan on implementing CRL checks? |
This issue is stale because it has been opened for 60 days with no activity. Remove stale label or comment. Otherwise, it will be closed in 30 days. |
As we discussed in notaryproject/notation-go#425. We will include the following CRL features for notation v1.3.0:
|
Merged
JeyJeyGao
added a commit
that referenced
this issue
Sep 18, 2024
Feat: - CRL support, including CRL downloading, validation, and revocation list checks. - OCSP fallback to CRL when OCSP is unavailable or encounters an unknown issue. Refactor: - move OCSP to internal package to export `ocsp.CertCheckStatus` and `ocsp.Supported` function for `revocation` package The PR implements a subset of RFC 5280: - It only supports X.509 v2 CRL, as the Golang CRL parser only supports v2. - It only verifies that the CRL issuer is the certificate's CA with the same key. - Delta CRL and indirect CRL are not supported. > NOTE: CRL cache is not included. Resolves part 1 of #125 Signed-off-by: Junjie Gao <[email protected]> --------- Signed-off-by: Junjie Gao <[email protected]>
CRL and CRL Cache have been merged. We can close this issue now. |
github-project-automation
bot
moved this from In Progress
to Done
in Notary Project Planning Board
Oct 16, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Spec: https://github.com/notaryproject/notaryproject/blob/main/specs/trust-store-trust-policy.md#crls
Note: For start we can Indirect CRL and can be implemented as step 2.
The text was updated successfully, but these errors were encountered: