Opened 6 years ago

Closed 6 years ago

#10865 closed enhancement (duplicate)

Webpositive doesn't check for revoked certificates

Reported by: xray7224 Owned by: pulkomandy
Priority: normal Milestone:
Component: Applications/WebPositive Version: R1/Development
Keywords: tls, ssl, certificate, revocation Cc:
Blocked By: #6493 Blocking:
Has a Patch: no Platform: All

Description

Webpositive should check if a TLS/SSL certficate has been revoked. It would be good if there was a drop down option to select between "hard fail", "soft fail" and "disabled". Those being:

hard fail: if CRL/OCSP list is down it'll assmue it's revoked. soft fail: if the CLR/OSCP list is down then it'll trust it. disabled: No certificate revocation checking will occur.

I think that hard fail should be the default as it's the safest option and from my experiance the CRL/OSCP lists rarely are unavailable.

Change History (1)

comment:1 by pulkomandy, 6 years ago

Blocked By: 6493 added
Resolution: duplicate
Status: newclosed

This is already tracked in #6493, although the ticket summary there is out of date.

Note: See TracTickets for help on using tickets.