@yulgolem
Contributor

@yulgolem yulgolem commented Jul 28, 2020

Closes #1 and hopefully #30

To turn CRL checking on or off, set a value for the `crlfile_path` variable in the `config/sys.config` file. If not set, CRL checking will be disabled; otherwise it might point to the directory where CRLs are stored. Please take note that CRLs need to be rehashed by running `c_rehash .` in this directory.

To test:

  1. Set CRL checking off, check epp_proxy availability; the proxy must be available.
  2. Set CRL checking on, then make sure the CRLs do not include the current cert as revoked. Check epp_proxy availability; the proxy must be available.
  3. Add a new CRL with the current cert revoked. Rehash CRLs with `c_rehash .`. Check epp_proxy availability with a new connection; the proxy must respond with a `received CLIENT ALERT: Fatal - Certificate Revoked` message.

More on the `c_rehash .` command here.
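How a directory of rehashed CRLs can be turned into Erlang/OTP `ssl` options, as an added example that is not code from this pull request. It assumes `crlfile_path` lives in the `epp_proxy` application environment and that OTP's `ssl_crl_hash_dir` module does the lookup; the module name `crl_opts_example` and the error tuple are hypothetical.

```erlang
%% Added example, not epp_proxy's own code.
%% Assumption: sys.config holds {epp_proxy, [{crlfile_path, "/some/dir"}]}.
-module(crl_opts_example).
-export([crl_options/0, crl_options/1, listen_options/1]).

%% Read the crlfile_path key named in the PR description.
crl_options() ->
    case application:get_env(epp_proxy, crlfile_path) of
        {ok, Dir} -> crl_options(Dir);
        undefined -> crl_options(undefined)
    end.

%% Unset: no CRL options are added, so revocation is not checked.
crl_options(undefined) ->
    [];
%% Set: look CRLs up in a directory whose files carry the issuer-hash
%% names that `c_rehash .` creates.
crl_options(Dir) when is_list(Dir) ->
    case filelib:is_dir(Dir) of
        true ->
            [%% `peer` checks only the client certificate; `true` would
             %% require a CRL for every CA in the chain.
             {crl_check, peer},
             {crl_cache, {ssl_crl_hash_dir, {internal, [{dir, Dir}]}}}];
        false ->
            %% Fail closed: a configured but missing directory must not
            %% silently turn revocation checking off.
            erlang:error({crl_dir_missing, Dir})
    end.

%% Merge the CRL options into the TLS listener options. Revocation
%% checking only matters when the client certificate is verified at all.
listen_options(BaseOpts) ->
    [{verify, verify_peer},
     {fail_if_no_peer_cert, true}
     | crl_options()] ++ BaseOpts.
```

Calling `crl_opts_example:crl_options("/nonexistent")` raises `{crl_dir_missing, "/nonexistent"}` instead of returning an empty list, which keeps a typo in the path from disabling the check.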

@yulgolem yulgolem force-pushed the 1-graceful-crl-reload branch 3 times, most recently from d326639 to cca169c Compare July 28, 2020 07:34
@yulgolem yulgolem force-pushed the 1-graceful-crl-reload branch from cca169c to 328536f Compare July 28, 2020 07:39
@yulgolem yulgolem requested a review from karlerikounapuu July 29, 2020 10:32
@yulgolem yulgolem marked this pull request as ready for review July 29, 2020 10:32
@yulgolem
Contributor Author

Ready to discuss the implementation.

@vohmar
Contributor

vohmar commented Aug 10, 2020

How to configure this? Is it possible to turn CRL check/reload on and off?

Successfully merging this pull request may close these issues.

Graceful CRL reload