Support querying OCSP and CRL in step certificate validate command #845

Open
itspngu opened this issue Feb 12, 2023 · 1 comment
Labels
enhancement needs triage Waiting for discussion / prioritization by team
itspngu commented Feb 12, 2023

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

It'd be useful if the step CLI offered a simple means of (optionally via flags, or by default) querying any CRL and OCSP endpoints listed in validated certificates' AIA fields. Additionally, warnings or errors should be issued if these endpoints are unreachable or behave in incompatible ways, to highlight potential misconfigurations - I'm not sure what kind of behaviour the according specifications mandate in these cases.

Why is this needed?

Doing this with openssl and curl is cumbersome. Having this functionality as part of the step cli would suit its mission statement of being a Swiss Army knife for cryptographic operations very well.

@itspngu itspngu added enhancement needs triage Waiting for discussion / prioritization by team labels Feb 12, 2023
@dopey dopey added this to the v0.24.0 milestone Feb 15, 2023
Contributor

dopey commented Feb 22, 2023

Hey @itspngu 👋. Thanks for opening the issue! We think this is a great idea and we've added it to our next milestone. Unfortunately, we don't have a ton of time to devote to open source feature work at the moment, but we do plan on getting this in when we've got some spare cycles.

In the meantime, if someone from the community is interested in picking this one up, we'd be very glad to accept a PR.
Cheers 🍻

@maraino maraino modified the milestones: v0.24.0, v0.24.1 Apr 12, 2023
@maraino maraino modified the milestones: v0.24.4, v0.24.5 Jul 18, 2023
@maraino maraino modified the milestones: v0.25.0, v0.25.1 Sep 27, 2023
@hslatman hslatman modified the milestones: v0.25.1, v0.25.2 Nov 29, 2023
@hslatman hslatman modified the milestones: v0.25.2, v0.25.3 Feb 20, 2024
@hslatman hslatman modified the milestones: v0.26.0, v0.26.1 Mar 29, 2024
redrac added a commit to redrac/smallstep-cli that referenced this issue Apr 23, 2024
Add args and functionality to certificate verify to check a CRL
and OCSP for a certificate based on the extensions. Users can pass
flags to enable verification of each (CRL, OCSP). The command will try
and get the CRL and OCSP server from the certificate and verify the
certificate against each.

Implements smallstep#845
@hslatman hslatman modified the milestones: v0.26.1, v0.26.2 Apr 25, 2024
redrac added a commit to redrac/smallstep-cli that referenced this issue Apr 28, 2024
Add args and functionality to certificate verify to check a CRL
and OCSP for a certificate based on the extensions. Users can pass
flags to enable verification of each (CRL, OCSP). The command will try
and get the CRL and OCSP server from the certificate and verify the
certificate against each.

I also moved functions from the crl command into internal/crlutil
package so they can be re-used with the certificate verify command.

Implements smallstep#845
redrac added a commit to redrac/smallstep-cli that referenced this issue May 8, 2024
Add args and functionality to certificate verify to check a CRL
and OCSP for a certificate based on the extensions. Users can pass
flags to enable verification of each (CRL, OCSP). The command will try
and get the CRL and OCSP server from the certificate and verify the
certificate against each.

I also moved functions from the crl command into internal/crlutil
package so they can be re-used with the certificate verify command.

Implements smallstep#845
redrac added a commit to redrac/smallstep-cli that referenced this issue May 11, 2024
Add args and functionality to certificate verify to check a CRL
and OCSP for a certificate based on the extensions. Users can pass
flags to enable verification of each (CRL, OCSP). The command will try
and get the CRL and OCSP server from the certificate and verify the
certificate against each.

I also moved functions from the crl command into internal/crlutil
package so they can be re-used with the certificate verify command.

Implements smallstep#845
redrac added a commit to redrac/smallstep-cli that referenced this issue May 14, 2024
Add args and functionality to certificate verify to check a CRL
and OCSP for a certificate based on the extensions. Users can pass
flags to enable verification of each (CRL, OCSP). The command will try
and get the CRL and OCSP server from the certificate and verify the
certificate against each.

I also moved functions from the crl command into internal/crlutil
package so they can be re-used with the certificate verify command.

Implements smallstep#845
maraino pushed a commit that referenced this issue May 14, 2024
Add args and functionality to certificate verify to check a CRL
and OCSP for a certificate based on the extensions. Users can pass
flags to enable verification of each (CRL, OCSP). The command will try
and get the CRL and OCSP server from the certificate and verify the
certificate against each.

I also moved functions from the crl command into internal/crlutil
package so they can be re-used with the certificate verify command.

Implements #845
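
An added example of the CRL half of the check requested in this issue and described in the commit message above; it is not code from smallstep/cli or from the referenced commits. It reads the endpoints Go exposes as `CRLDistributionPoints`, rejects a CRL that is unreachable, malformed, not signed by the issuer or stale, and returns an error rather than "not revoked" when no endpoint is usable. `CheckCRL`, `fixture`, the injected fetcher and the URL `http://crl.example.test/ca.crl` are assumptions made so it runs offline; OCSP is left out because it needs `golang.org/x/crypto/ocsp`, which is outside the standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// CheckCRL fails closed: a non-nil error means no listed endpoint gave a usable CRL.
func CheckCRL(cert, issuer *x509.Certificate, fetch func(url string) ([]byte, error)) (bool, error) {
	fail := fmt.Errorf("no usable CRL for serial %v", cert.SerialNumber)
	for _, url := range cert.CRLDistributionPoints {
		der, err := fetch(url)
		if err != nil { // report unreachable endpoints instead of skipping them silently
			fail = fmt.Errorf("%w; %s unreachable: %v", fail, url, err)
			continue
		}
		crl, err := x509.ParseRevocationList(der)
		if err != nil || crl.CheckSignatureFrom(issuer) != nil || time.Now().After(crl.NextUpdate) {
			fail = fmt.Errorf("%w; %s: CRL malformed, not signed by issuer, or stale", fail, url)
			continue
		}
		return slices.ContainsFunc(crl.RevokedCertificateEntries, func(e x509.RevocationListEntry) bool {
			return e.SerialNumber.Cmp(cert.SerialNumber) == 0
		}), nil
	}
	return false, fail
}

// fixture builds a constructed CA, leaf (serial 2) and in-memory CRL; one key pair is reused for brevity.
func fixture(revokedSerial int64) (*x509.Certificate, *x509.Certificate, func(string) ([]byte, error)) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	now, exp := time.Now(), time.Now().Add(time.Hour)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: exp, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, caT, caT, pub, key)
	ca, _ := x509.ParseCertificate(caDER)
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: now, NotAfter: exp, CRLDistributionPoints: []string{"http://crl.example.test/ca.crl"}}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafT, ca, pub, key)
	leaf, _ := x509.ParseCertificate(leafDER)
	rl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: exp,
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: big.NewInt(revokedSerial), RevocationTime: now}}}
	crlDER, _ := x509.CreateRevocationList(rand.Reader, rl, ca, key)
	return leaf, ca, func(string) ([]byte, error) { return crlDER, nil }
}

func main() { fmt.Println(CheckCRL(fixture(2))) }
```

In real use the fetcher would be an HTTP GET with a timeout and a response size limit.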