[
https://issues.apache.org/jira/browse/KAFKA-3700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15280035#comment-15280035
]
Ismael Juma commented on KAFKA-3700:
------------------------------------
Thanks for filing the JIRA. Certificate revocation is an area that needs work.
Would be interested in proposing a KIP? See the following for details:
https://cwiki.apache.org/confluence/display/KAFKA/Kafka+Improvement+Proposals
> CRL support
> -----------
>
> Key: KAFKA-3700
> URL: https://issues.apache.org/jira/browse/KAFKA-3700
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 0.9.0.1
> Reporter: Vincent Bernat
>
> Hey!
> Currently, there is no way to specify a CRL to be checked when a client
> presents its TLS certificate. Therefore, a revoked certificate is accepted. A
> CRL can either be provided as an URL in a certificate but with a private
> authority, it is more common to have one as a separate file. A
> `ssl.crl.location` would come handy to specify a CRL.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
