Skip to content

certificate verification #188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

certificate verification #188

wants to merge 1 commit into from
+107 −19

Conversation

heskew
Copy link
Contributor

@heskew heskew commented Jun 28, 2025

No description provided.

@heskew heskew marked this pull request as draft June 28, 2025 03:23
@heskew heskew force-pushed the CORE-2623/ocsp branch 4 times, most recently from f0c9003 to 9a3c719 Compare July 20, 2025 23:21
@heskew heskew marked this pull request as ready for review July 20, 2025 23:22
@heskew heskew requested a review from Copilot July 21, 2025 18:28
Copilot
Copilot AI reviewed Jul 21, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds comprehensive certificate revocation checking functionality using OCSP (Online Certificate Status Protocol) to Harper's mTLS authentication system. The enhancement ensures that revoked certificates cannot be used for authentication across HTTP, MQTT, and replication connections.

  • Introduces automatic OCSP verification for all mTLS-enabled connections with configurable timeout, caching, and failure handling modes
  • Documents the new certificate verification features across security, clustering, and real-time communication sections
  • Adds detailed configuration options for customizing certificate verification behavior

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
docs/developers/security/mtls-auth.md Adds comprehensive documentation for OCSP-based certificate verification
docs/developers/security/README.md Updates authentication methods overview and adds certificate management section
docs/developers/replication/README.md Documents OCSP verification for replication connections
docs/developers/real-time.md Explains certificate verification for MQTT connections
docs/developers/clustering/certificate-management.md Adds section on certificate revocation checking for cluster connections
docs/deployments/configuration.md Adds detailed certificateVerification configuration options and fixes typo

@heskew heskew force-pushed the CORE-2623/ocsp branch 2 times, most recently from f241f44 to 4336b33 Compare July 24, 2025 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@heskew