Tuesday, November 22, 2016

New certificate validation and CRL support



In V0.2.1 Fossa Guard changed its certificate validation procedure by integrating a new crypto library.

The new validation mechanism checks the full certificate chain up to the root certificate (which must itself be in the list of trusted certificates) and checks every certificate in that chain against the corresponding Certificate Revocation Lists (CRLs).

A CRL management mechanism was therefore introduced so that the new validation can perform a complete validity check.

On each certificate validation, Fossa Guard checks whether all CRLs referenced by the CRL distribution points of the certificate and of the trusted certificates are still current.

CRLs that have expired (their nextUpdate time has passed) are downloaded again using the Fetch API and stored in local storage.

The stored CRLs are then passed to the certificate validation routine inside the crypto library.
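The CRL management step described above, as an added example that is not Fossa Guard's own code: it collects the distribution point URLs from the certificate and the trusted certificates, re-downloads only the cached CRLs whose nextUpdate has passed, keeps them in a localStorage-style store, and returns the set to hand to the chain validator. The certificate objects, the in-memory storage, the fetch stand-in and the CRL bodies are constructed for the example, and `constructedParseCrl` stands in for a real DER parser; a failed download is reported as an error so the caller can fail closed instead of validating without revocation data.

```javascript
// Added example, not Fossa Guard's code. Network, storage and the CRL parser
// are injected so the whole flow runs offline on constructed data.

// Certificates are modelled as plain objects carrying the URLs of their
// cRLDistributionPoints extension (assumption: real code reads the X.509
// extension from the parsed certificate).
function collectCrlUrls(certificate, trustedCertificates) {
  const urls = new Set();
  for (const cert of [certificate, ...trustedCertificates]) {
    for (const url of cert.crlDistributionPoints || []) urls.add(url);
  }
  return [...urls];
}

// A cached CRL is usable until its nextUpdate time. No entry, no nextUpdate,
// or a nextUpdate in the past all mean "download again": a CRL that carries no
// nextUpdate is refreshed on every validation rather than trusted forever.
function isStale(entry, now) {
  if (!entry || !entry.nextUpdate) return true;
  return Date.parse(entry.nextUpdate) <= now.getTime();
}

// Which of the given distribution points must be re-downloaded right now.
function planRefresh(urls, storage, now) {
  return urls.filter((url) => isStale(readEntry(storage, url), now));
}

function readEntry(storage, url) {
  const raw = storage.getItem('crl:' + url);
  return raw ? JSON.parse(raw) : null;
}

function writeEntry(storage, url, entry) {
  storage.setItem('crl:' + url, JSON.stringify(entry));
}

function toBase64(bytes) {
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

function fromBase64(text) {
  return Uint8Array.from(atob(text), (c) => c.charCodeAt(0));
}

// Download the stale CRLs with the injected fetch, record their nextUpdate,
// store the DER bytes, and return every CRL (fresh or cached) the validator
// needs. A failed download throws: without a current CRL the revocation status
// is unknown, and the caller should fail closed rather than skip the check.
async function refreshCrls({ urls, storage, fetchFn, parseCrl, now = new Date() }) {
  for (const url of planRefresh(urls, storage, now)) {
    const response = await fetchFn(url);
    if (!response.ok) throw new Error('CRL download failed for ' + url + ': ' + response.status);
    const der = new Uint8Array(await response.arrayBuffer());
    const { nextUpdate } = parseCrl(der);
    writeEntry(storage, url, { nextUpdate, der: toBase64(der) });
  }
  return urls.map((url) => {
    const entry = readEntry(storage, url);
    return { url, nextUpdate: entry.nextUpdate, der: fromBase64(entry.der) };
  });
}

// Constructed stand-ins: a localStorage-like store, two fake CRL bodies, and a
// fetch that serves them. Real CRLs are DER; these bodies are JSON so that the
// stand-in parser below can read nextUpdate without a DER decoder.
function memoryStorage() {
  const map = new Map();
  return {
    getItem: (key) => (map.has(key) ? map.get(key) : null),
    setItem: (key, value) => { map.set(key, String(value)); },
  };
}

const CONSTRUCTED_CRLS = {
  'http://crl.example.test/intermediate.crl': '{"nextUpdate":"2016-12-01T00:00:00Z"}',
  'http://crl.example.test/root.crl': '{"nextUpdate":"2017-01-01T00:00:00Z"}',
};

function constructedFetch(url) {
  const body = CONSTRUCTED_CRLS[url];
  const bytes = new TextEncoder().encode(body || '');
  return Promise.resolve({
    ok: body !== undefined,
    status: body !== undefined ? 200 : 404,
    arrayBuffer: () => Promise.resolve(bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength)),
  });
}

// Stand-in for a DER parser: real code decodes the CRL and reads
// tbsCertList.nextUpdate.
function constructedParseCrl(der) {
  return JSON.parse(new TextDecoder().decode(der));
}

async function demo() {
  const storage = memoryStorage();
  let downloads = 0;
  const countingFetch = (url) => { downloads += 1; return constructedFetch(url); };
  const leaf = { crlDistributionPoints: ['http://crl.example.test/intermediate.crl'] };
  const trusted = [{ crlDistributionPoints: ['http://crl.example.test/root.crl'] }];
  const urls = collectCrlUrls(leaf, trusted);
  const now = new Date('2016-11-22T00:00:00Z');
  await refreshCrls({ urls, storage, fetchFn: countingFetch, parseCrl: constructedParseCrl, now });
  // Second validation the same day: both CRLs are still current, no download.
  await refreshCrls({ urls, storage, fetchFn: countingFetch, parseCrl: constructedParseCrl, now });
  // Validation after the intermediate CRL's nextUpdate: only that one is stale.
  const stale = planRefresh(urls, storage, new Date('2016-12-15T00:00:00Z'));
  return { downloads, stale };
}

demo().then((result) => console.log(JSON.stringify(result)));
```

In an extension the `fetchFn` would be the real Fetch API and `storage` the extension's local storage; the refresh logic does not change. Keying the cache by distribution point URL keeps the check cheap on every validation, and treating a missing nextUpdate as stale avoids caching a CRL indefinitely.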

Please note that from V0.2.1, because of CRL support, Fossa Guard requires permission to download files from all sites: a CRL distribution point can point to any host, so the permission cannot be limited to a fixed list of origins.
