
Add support for sslcrl option #1048

Open
Tasssadar wants to merge 1 commit into lib:master from avast:crl

Tasssadar commented Jun 16, 2021

Adds support for the certificate revocation mechanism via CRL. I have tried to mimic what libpq does when verifying CRL. Revocation logic in Go inspired by https://github.com/cloudflare/cfssl/blob/master/revoke/revoke.go#L139

I'm willing to write tests for this, but I need the private key of pq CA to generate the testing CRLs :/

@madelynnblue (Collaborator)

https://github.com/lib/pq/tree/master/certs might have that key

@Tasssadar (Author)

> https://github.com/lib/pq/tree/master/certs might have that key

There are only the leaf cert private keys there, the CA private key (C=US, ST=Nevada, L=Las Vegas, O=github.com/lib/pq, CN=pq CA) is needed to generate CRL.

otan (Collaborator) commented Nov 7, 2021

You can recreate the keys if you want from scratch, just make sure you change them in CI as well.
See: #1054
Maybe we should commit the private keys this time :\

arp242 added the new-feature and needs-test (Needs a test before it can be merged) labels Jan 1, 2026

arp242 (Collaborator) commented Mar 17, 2026

> I'm willing to write tests for this, but I need the private key of pq CA to generate the testing CRLs :/

It should be okay to just regenerate all the files with a new private key.

I looked a bit at this, but wasn't really able to generate CRLs for the tests – the openssl CLI can be such a pain.

I don't mind solving the conflicts etc. myself, but any help with that would be appreciated – if you're still interested in this after five years 😅
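
Added example, not part of this pull request or of lib/pq: one way to produce the test fixtures discussed in this thread without the openssl CLI, using Go's `crypto/x509` to create a throwaway CA, a leaf certificate and a CRL signed with the CA key, and then checking the leaf against that CRL. The names `must`, `fixture` and `isRevoked`, the subject names and the serial numbers are constructed for illustration; it assumes Go 1.19 or newer and checks only the CRL signature and the serial match.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// fixture builds a constructed CA, a leaf with serial 2, and a CA-signed CRL revoking revokedSerial.
func fixture(revokedSerial int64) (ca, leaf *x509.Certificate, crlDER []byte) {
	now, end := time.Now(), time.Now().Add(24*time.Hour)
	caKey, leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: end, IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "constructed test CA"}, SubjectKeyId: []byte{1, 2, 3, 4}, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: now, NotAfter: end, Subject: pkix.Name{CommonName: "constructed leaf"}}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey))))
	return ca, leaf, must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now, NextUpdate: end, // signing requires the CA private key
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(revokedSerial), RevocationTime: now}},
	}, ca, caKey))
}

// isRevoked rejects a CRL that ca did not sign, then looks up the leaf's serial number in it.
func isRevoked(ca, leaf *x509.Certificate, crlDER []byte) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err == nil {
		err = crl.CheckSignatureFrom(ca)
	}
	for i := 0; err == nil && i < len(crl.RevokedCertificates); i++ {
		if crl.RevokedCertificates[i].SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, err
}

func main() { fmt.Println(isRevoked(fixture(2))) }
```

To write the fixture to disk for a test suite, PEM-encode `crlDER` with block type `X509 CRL`.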
