[jira] [Commented] (KAFKA-3700) CRL support

Antony Stubbs (JIRA) Tue, 19 Sep 2017 03:08:34 -0700

    [ 
https://issues.apache.org/jira/browse/KAFKA-3700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16171453#comment-16171453
 ]


Antony Stubbs commented on KAFKA-3700:
--------------------------------------

Another option would be to implement OCSP 
https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol instead of 
CRL's.

> CRL support
> -----------
>
>                 Key: KAFKA-3700
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3700
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.9.0.1
>            Reporter: Vincent Bernat
>
> Hey!
> Currently, there is no way to specify a CRL to be checked when a client 
> presents its TLS certificate. Therefore, a revoked certificate is accepted. A 
> CRL can either be provided as an URL in a certificate but with a private 
> authority, it is more common to have one as a separate file. A 
> `ssl.crl.location` would come handy to specify a CRL.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (KAFKA-3700) CRL support

Reply via email to