IceSSL: Certificate Revocation List check on SChannel/SecureTransport/OpenSSL

Hello.

I was checking the IceSSL property documentation when I noticed the "IceSSL.CheckCRL" property (https://doc.zeroc.com/ice/latest/property-reference/icessl#id-.IceSSL.*v3.7-IceSSL.CheckCRL).

Right next to it, there is the (.NET) annotation. This means this property only works with the .NET implementation, correct?

What about the SChannel, SecureTransport and OpenSSL implementations? Do they perform CRL checks by default? Is there any way to change (either enable or disable) their CRL check behavior?

Thanks for the help.

Fábio

Comments

  • xdm
    La Coruña, Spain

    Hi Fabio,

    This property is only supported with .NET; we are not doing CRL checks with any other IceSSL implementation, it is just .NET at the moment.

    Cheers,
    Jose

  • Hi Jose.

    Thanks for the fast response.

    Do you know if that is something that is on your roadmap for future releases? It is an important feature for us because we have customers that want to use their own certificates to secure their servers, and their security requirements include CRL checks.

    If this is something that is not on your roadmap, we will have to consider researching/implementing CRL checks ourselves.

    Thanks again,
    Fábio

  • xdm
    La Coruña, Spain

    Hi Fábio,

    Not sure how much work would be required to implement this. I created an issue for it in our GitHub repository: https://github.com/zeroc-ice/ice/issues/1292. If it is not too complicated, it can probably be implemented in the next patch release.

    Cheers,
    Jose