Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-7333 Implement support for certificate revocation
  3. HDDS-7385

Create a CRL endpoint in SCM

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • Security

    Description

      As discussed in RFC-5280, certificates can contain a cRLDistributionPoint definition, with which it is possible to direct the SSL clients to a web endpoint where the CRL is published.
      In order to let all clients be notified the standard way about certificate revocation, SCM(s) should publish the actual CRL via their web interface, so that revocation checks can happen as discussed in the RFC from every client.

      The aim here to provide the CRL as is based on the available information, the correctness and consistency of the information will be ensured by HDDS-7387

      Attachments

        Issue Links

          is related to

          Sub-task - The sub-task of the issue HDDS-7387 Re-organize existing certificate revocation logic in the current codebase

          • Major - Major loss of function.
          • Open

          Activity

            People

              pifta István Fajth
              pifta István Fajth
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: