Skip to content

OCSP stapling support #1820

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Dec 26, 2021
Merged

OCSP stapling support #1820

merged 13 commits into from
Dec 26, 2021

Conversation

chayim
Copy link
Contributor

@chayim chayim commented Dec 20, 2021
edited
Loading

Pull Request check-list

Please make sure to review and check all of these items:

  • Does $ tox pass with this change (including linting)?
  • Do the CI tests pass with this change (enable it first in your forked repo and wait for the github action build to finish)?
  • Is the new or changed code fully tested?
  • Is a documentation update included (if this change modifies existing APIs, or introduces new ones)?
  • Is there an example added to the examples folder (if applicable)?

NOTE: these things are not required to open a PR and can be done
afterwards / while the PR is open.

Description of change

Support for OCSP verification

@chayim chayim added feature New feature 4.1.0 labels Dec 20, 2021
@codecov-commenter
Copy link

codecov-commenter commented Dec 21, 2021
edited
Loading

Codecov Report

Merging #1820 (2794782) into master (4831034) will decrease coverage by 0.78%.
The diff coverage is 27.32%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1820      +/-   ##
==========================================
- Coverage   94.32%   93.53%   -0.79%     
==========================================
  Files          75       76       +1     
  Lines       15783    15962     +179     
==========================================
+ Hits        14887    14930      +43     
- Misses        896     1032     +136
Impacted Files Coverage Δ
redis/client.py 89.96% <ø> (ø)
redis/ocsp.py 0.00% <0.00%> (ø)
setup.py 0.00% <ø> (ø)
tests/test_ssl.py 54.12% <36.48%> (-37.54%) ⬇️
redis/connection.py 88.21% <58.33%> (-0.50%) ⬇️
redis/utils.py 88.88% <80.00%> (-1.44%) ⬇️
tests/conftest.py 91.62% <83.33%> (+0.49%) ⬆️
redis/exceptions.py 98.50% <100.00%> (+0.04%) ⬆️
tests/test_cluster.py 98.48% <0.00%> (-0.32%) ⬇️
tests/test_graph.py 89.88% <0.00%> (-0.04%) ⬇️
... and 1 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4831034...2794782. Read the comment docs.

@chayim chayim marked this pull request as ready for review December 21, 2021 14:50
@chayim chayim requested a review from dvora-h December 21, 2021 14:50
@chayim chayim merged commit b426d0d into redis:master Dec 26, 2021
@chayim chayim deleted the ck-ocsp branch December 26, 2021 13:02
@yossigo
Copy link
Member

yossigo commented Dec 28, 2021

@chayim Am I reading this wrong, or is this PR about OCSP validation support rather than OCSP stapling? I don't see anywhere the Certificate Status TLS extension here, which is what OCSP stapling is all about.

@chayim
Copy link
Contributor Author

chayim commented Dec 28, 2021

This support OCSP validation within the tunnel. The client doesn't currently handle direct stapling. That's a next step.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dvora-h dvora-h Awaiting requested review from dvora-h

Assignees
No one assigned
Labels
feature New feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@chayim @codecov-commenter @yossigo