-
Notifications
You must be signed in to change notification settings - Fork 242
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support querying OCSP and CRL in step certificate validate
command
#845
Comments
Hey @itspngu 馃憢 . Thanks for opening the issue! We think this is a great idea and we've added it to our next milestone. Unfortunately, we don't have a ton of time to devote to open source feature work at the moment, but we do plan on getting this in when we've got some spare cycles. In the mean time, if someone from the community is interested in picking this one up, we'd be very glad to accept a PR. |
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements smallstep#845
Add args and functionality to certificate verify to check a CRL and OCSP for a certificate based on the extensions. Users can pass flags to enable verification of each (CRL, OCSP). The command will try and get the CRL and OCSP server from the certifiacate and verify the certificate against each. I also moved functions from the crl command into internal/crlutil package so they can be re-used with the certificate verify command. Implements #845
Hello!
Issue details
It'd be useful if the step CLI offered a simple means of (optionally via flags, or by default) querying any CRL and OCSP endpoints listed in validated certificates' AIA fields. Additionally, warnings or errors should be issued if these endpoints are unreachable or behave in incompatible ways, to highlight potential misconfigurations - I'm not sure what kind of behaviour the according specifications mandate in these cases.
Why is this needed?
Doing this with openssl and curl is cumbersome. Having this functionality as part of the step cli would suit its mission statement of being a swiss army knife for cryptographic operations very well.
The text was updated successfully, but these errors were encountered: