3

During mutual client-server authentication with gRPC+protobuf, is there a CRL and/or OCSP responder check of the status of the certificate?

I need to be sure that I can revoke the certificate on my PKI and that subsequent calls will be blocked even if the certificate is still valid.

Arkon
Based on [this](https://github.com/grpc/grpc/issues/11841) and [this](https://github.com/grpc/grpc/issues/16227) ticket, it looks like no revocation checks are done currently and that there is not even support for it. – Steffen Ullrich May 08 '19 at 04:39

1 Answer

2

If we're considering grpc-go, as far as I know, the TLS handshake is not implemented by gRPC; it's encapsulated in the Go HTTP/2 server implementation from the standard library, which gRPC relies on. Perhaps it's worth checking whether OCSP can be enabled on the HTTP/2 server side.

Vitaly Isaev