Details
- Sub-task
- Status: Resolved
- Major
- Resolution: Fixed
- None
- None
Description
The certificate revocation code was never in use, and revocation should not be solved this way. As discussed in the design for HDDS-7331, the approach we currently have is not feasible, because clients other than ours (where we can ensure a mechanism to distribute the CRL internally) will not be able to determine whether a certificate is revoked or not.
It is also error-prone to distribute the CRL this way, especially because the general SSL protocol defines how it should be done.
This JIRA is to remove the related code from our codebase.
Note: this is also beneficial for the crypto compliance related work, as it helps to get rid of some BouncyCastle dependencies in an easier way, instead of maintaining this piece of unused and to-be-deleted code.
Issue Links
- blocks
  - HDDS-10888 Restrict X509CertificateHolder usage to the bare minimum required. (Resolved)
  - HDDS-10743 Turn the direct dependency on BouncyCastle to an optional one (Open)
- is related to
  - HDDS-7333 Implement support for certificate revocation (Open)