buchgr/bazel-remote

support for OCSP

max-deliso-zocdoc opened this issue · 1 comments

Hi.

I was doing some testing with bazel-remote, specifically around the issuance and revocation of mTLS client and server certs, and I noticed that even after revoking certs with my CA (which has OCSP enabled), secure connections still established locally. Looking through the implementation, in particular around here:

```go
func checkGRPCClientCert(ctx context.Context) error {
```

I don't see any reference to OCSP, and I think it requires some additional implementation outside of checking the length of `State.VerifiedChains` regardless. Happy to share more details about my testing if it's relevant.

Could you confirm/deny whether OCSP is currently supported in any way by bazel-remote, and, if not, whether you'd be interested in an implementation of it?

Thanks.

Hi, I don't think OCSP is currently supported. I will have to do some reading to be sure, but I think such a feature would be welcome if you would like to try implementing it.
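Added example, not bazel-remote's code and not written by either participant: Go's `crypto/tls` chain verification does not query revocation status, so a non-empty `VerifiedChains` alone cannot reject a revoked certificate. The code below layers a revocation check on top of that length check and fails closed when status is unavailable; `RevocationLookup`, `staticStatus`, `CheckPeer` and `sampleState` are hypothetical names, and the in-memory status map is a constructed stand-in for a real OCSP responder query.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
)

// RevocationLookup is a hypothetical hook an OCSP client would implement, per (cert, issuer).
type RevocationLookup func(cert, issuer *x509.Certificate) (revoked bool, err error)

// staticStatus is a constructed stand-in responder; a missing serial models "unknown".
func staticStatus(status map[int64]bool) RevocationLookup {
	return func(cert, _ *x509.Certificate) (bool, error) {
		if revoked, known := status[cert.SerialNumber.Int64()]; known {
			return revoked, nil
		}
		return false, fmt.Errorf("no status for serial %s", cert.SerialNumber)
	}
}

func checkChain(chain []*x509.Certificate, lookup RevocationLookup) error {
	for i := 0; i+1 < len(chain); i++ { // last element is the trust anchor
		revoked, err := lookup(chain[i], chain[i+1])
		if err != nil || revoked { // unavailable status fails closed, same as revoked
			return fmt.Errorf("serial %s rejected: revoked=%v, err=%v", chain[i].SerialNumber, revoked, err)
		}
	}
	return nil
}

// CheckPeer passes only if some verified chain contains no revoked certificate.
func CheckPeer(state tls.ConnectionState, lookup RevocationLookup) error {
	err := fmt.Errorf("no verified client certificate chain")
	for i := 0; err != nil && i < len(state.VerifiedChains); i++ {
		err = checkChain(state.VerifiedChains[i], lookup)
	}
	return err
}

func sampleState(serial int64) tls.ConnectionState { // constructed chain: leaf, then CA
	chain := []*x509.Certificate{{SerialNumber: big.NewInt(serial)}, {SerialNumber: big.NewInt(1)}}
	return tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{chain}}
}

func main() {
	fmt.Println(CheckPeer(sampleState(7), staticStatus(map[int64]bool{7: true})))
}
```

A check of this shape can run from a gRPC interceptor or from `tls.Config.VerifyConnection`, so that revoked peers are refused at handshake time.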