trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Susan Hinrichs <>
Subject Re: Revocation checks on client certificate
Date Tue, 03 Dec 2019 16:31:28 GMT
No, ATS does not support revocation checks on the client certificate.  By
default it checks that the certificate is signed by a trusted root and is
not expired.  Adding revocation logic is an interesting idea.

There is a hook (TS_EVENT_SSL_VERIFY_CLIENT) where you can you can have
your plugin attach additional logic to verify the client-provided

Looks like this is another place that could use some more documentation.
However, there is a test plugin that exercises the hook

On Tue, Dec 3, 2019 at 5:35 AM supraja sridhar <>

> Hello,
> Does ATS perform revocation check on client certificate? Does it support
> CRL and OSCP?
> Thanks,
> Supraja

View raw message