Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

check_crls: false in receiver config - investigate if this should be true #276

Open
tofu-rocketry opened this issue Oct 6, 2023 · 1 comment
Open

check_crls: false in receiver config - investigate if this should be true #276

tofu-rocketry opened this issue Oct 6, 2023 · 1 comment
Labels
question

Comments

@tofu-rocketry
Copy link
Member

tofu-rocketry commented Oct 6, 2023
edited
Loading

It sets crl_check_all as an argument for openssl. Does this end up checking every cert in the chain?

Needs testing.
@tofu-rocketry tofu-rocketry mentioned this issue Oct 6, 2023
Open
6 tasks
@RedProkofiev
Copy link
Contributor

RedProkofiev commented Oct 9, 2023
edited
Loading

-crl_check_all
Checks the validity of all certificates in the chain by attempting to look up valid CRLs.

Yes, it does. We can add/replace it with the option of just -crl_check to only check the first certificate.
Sourced from https://www.openssl.org[/docs/man1.0.2/man1/openssl-verify.html](https://www.openssl.org/docs/man1.0.2/man1/openssl-verify.html)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tofu-rocketry @RedProkofiev