varnish/hitch

client cert black list

Opened this issue · 4 comments

Hi,
I know hitch added client certificate authentication in 1.6. It is a very cool function, thanks in advance.
I want to know if it supports a client cert black list function, or whether there is a way to let hitch know a client cert is revoked?

Thanks

This is probably going to be a dumb proposition, but why not just reload hitch without that specific certificate?

> This is probably going to be a dumb proposition, but why not just reload hitch without that specific certificate?

For example, I create a server certificate to sign 100 client certs for my employees, and then one employee leaves. I want to revoke his client cert or add it to a black list. Do you know what I mean?
That's why nginx has an ssl_crl option:
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_crl

What I am talking about is client authentication.

daghf commented

Hi @pianoboysai

Absolutely. This is a feature we would like to see added.

I can't give you a time frame right now, but we will come back to this at a later point.