Home Comments

IceSSL: Certificate Revocation List check on SChannel/SecureTransport/OpenSSL

FabioMoreiraFabioMoreira Member Fábio MoreiraOrganization: HPProject: Remote Desktop solution

Hello.

I was checking the IceSSL property documentation when I noticed the "IceSSL.CheckCRL" property (https://doc.zeroc.com/ice/latest/property-reference/icessl#id-.IceSSL.*v3.7-IceSSL.CheckCRL)

Right next to it. there is the (.NET) annotation. This means this property only works with the .NET implementation, correct?

What about the SChannel, SecureTransport and OpenSSL implementations? Do they perform CRL checks by default? Is there any way to change (either enable or disable) their CRL check behavior?

Thanks for the help.

Fábio

Comments

  • xdmxdm La Coruña, SpainAdministrators, ZeroC Staff Jose Gutierrez de la ConchaOrganization: ZeroC, Inc.Project: Ice Developer ZeroC Staff

    Hi Fabio,

    This property is only supported with .NET, we are not doing CRL checks with any other IceSSL implementation, is just .NET at the moment.

    Cheers,
    Jose

  • FabioMoreiraFabioMoreira Member Fábio MoreiraOrganization: HPProject: Remote Desktop solution

    Hi Jose.

    Thanks for the fast response.

    Do you know if that is something that is in your roadmap for future releases? It is an important feature for us because we have customers that want to use their own certificates to secure their servers and their security requirements include CRL checks.

    If this is something that is not on your roadmap we will have to consider researching/implementing CRL checks ourselves.

    Thanks again,
    Fábio

  • xdmxdm La Coruña, SpainAdministrators, ZeroC Staff Jose Gutierrez de la ConchaOrganization: ZeroC, Inc.Project: Ice Developer ZeroC Staff

    Hi Fábio,

    Not sure how much work would be required to implement this, I created an issue for it in our Github repository https://github.com/zeroc-ice/ice/issues/1292, if it is not too complicated it can probably be implemented in the next patch release.

    Cheers,
    Jose

Sign In or Register to comment.