harperdb

HarperDB is a distributed database, caching service, streaming broker, and application development platform focused on performance and ease of use.

/**
 * Certificate verification for mTLS authentication
 *
 * This module provides certificate revocation checking for client certificates
 * in mutual TLS (mTLS) connections. Supports both OCSP (Online Certificate
 * Status Protocol) and CRL (Certificate Revocation List) verification methods
 * with automatic method selection.
 *
 * Features:
 * - OCSP verification with caching
 * - CRL verification with caching
 * - CRL-first with OCSP fallback for optimal performance
 * - Background CRL refresh with exponential backoff
 * - Graceful degradation during network outages
 * - Ed25519/Ed448 certificate support
 *
 * Default behavior:
 * - Certificate verification: disabled (must be explicitly enabled)
 * - Verification approach: CRL-first (with OCSP fallback)
 * - CRL timeout: 10 seconds, cache TTL: 24 hours
 * - OCSP timeout: 5 seconds, cache TTL: 1 hour
 * - Failure mode: fail-closed (rejects connections if verification fails)
 */
import type { PeerCertificate, CertificateVerificationResult } from './types.ts';

/**
 * Verify certificate revocation status using OCSP and/or CRL
 * @param peerCertificate - Peer certificate object from TLS connection
 * @param mtlsConfig - The mTLS configuration from the request
 * @returns Promise resolving to verification result
 */
export declare function verifyCertificate(peerCertificate: PeerCertificate, mtlsConfig?: boolean | Record<string, any> | null): Promise<CertificateVerificationResult>;
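The header above describes a CRL-first check with OCSP fallback, separate caches with different TTLs for each method, and a fail-closed default. The following is an added example, not HarperDB's implementation and not the module declared here, showing how those rules compose into one decision. The `RevocationChecker` class, the `CrlSource` and `OcspSource` interfaces, `MinimalCert`, `CheckerOptions` and the `runScenario` harness are all assumed names; the CRL distribution point and OCSP responder are constructed in memory so the scenario runs offline.

```typescript
// Added example, not HarperDB's code: a minimal CRL-first, OCSP-fallback revocation
// checker with per-source caching and a fail-closed default. Every name here
// (RevocationChecker, CrlSource, OcspSource, MinimalCert, runScenario) is hypothetical;
// the real module's types live in './types.ts' and are not reproduced.

type OcspStatus = 'good' | 'revoked' | 'unknown';
type MinimalCert = { serialNumber: string; issuer: string }; // hex serial and issuer DN, as Node's PeerCertificate exposes them
type VerificationResult = { valid: boolean; method: 'crl' | 'ocsp' | 'none'; reason: string };
interface CrlSource { fetch(issuer: string): Promise<Set<string>>; }   // revoked serials for an issuer; throws on network failure
interface OcspSource { query(cert: MinimalCert): Promise<OcspStatus>; } // responder status; throws on network failure
interface CheckerOptions {
  crlTtlMs?: number;  // default 24h, the header's documented CRL cache TTL
  ocspTtlMs?: number; // default 1h, the documented OCSP cache TTL
  failOpen?: boolean; // default false: reject when neither method can answer
  now?: () => number; // injectable clock so cache expiry is testable offline
}

class RevocationChecker {
  private crlCache = new Map<string, { revoked: Set<string>; expires: number }>();
  private ocspCache = new Map<string, { status: OcspStatus; expires: number }>();
  private crl: CrlSource;
  private ocsp: OcspSource;
  private crlTtl: number;
  private ocspTtl: number;
  private failOpen: boolean;
  private now: () => number;

  constructor(crl: CrlSource, ocsp: OcspSource, opts: CheckerOptions = {}) {
    this.crl = crl;
    this.ocsp = ocsp;
    this.crlTtl = opts.crlTtlMs ?? 24 * 60 * 60 * 1000;
    this.ocspTtl = opts.ocspTtlMs ?? 60 * 60 * 1000;
    this.failOpen = opts.failOpen ?? false;
    this.now = opts.now ?? (() => Date.now());
  }

  async verify(cert: MinimalCert): Promise<VerificationResult> {
    // 1. CRL first: an unexpired cached list answers with no network round trip.
    const revoked = await this.revokedSerials(cert.issuer);
    if (revoked !== null) {
      return revoked.has(cert.serialNumber)
        ? { valid: false, method: 'crl', reason: 'serial listed in CRL' }
        : { valid: true, method: 'crl', reason: 'serial not in CRL' };
    }
    // 2. CRL expired and not refreshable: fall back to OCSP.
    const status = await this.ocspStatus(cert);
    if (status === 'good') return { valid: true, method: 'ocsp', reason: 'OCSP good' };
    if (status === 'revoked') return { valid: false, method: 'ocsp', reason: 'OCSP revoked' };
    // 3. No method could answer: fail closed unless the operator opted into fail-open.
    return { valid: this.failOpen, method: 'none', reason: this.failOpen ? 'status unknown, fail-open' : 'status unknown, fail-closed' };
  }

  private async revokedSerials(issuer: string): Promise<Set<string> | null> {
    const hit = this.crlCache.get(issuer);
    if (hit && hit.expires > this.now()) return hit.revoked;
    try {
      const revoked = await this.crl.fetch(issuer);
      this.crlCache.set(issuer, { revoked, expires: this.now() + this.crlTtl });
      return revoked;
    } catch {
      return null; // an expired CRL is not reused: it may predate recent revocations
    }
  }

  private async ocspStatus(cert: MinimalCert): Promise<OcspStatus> {
    const key = `${cert.issuer}|${cert.serialNumber}`;
    const hit = this.ocspCache.get(key);
    if (hit && hit.expires > this.now()) return hit.status;
    try {
      const status = await this.ocsp.query(cert);
      if (status !== 'unknown') this.ocspCache.set(key, { status, expires: this.now() + this.ocspTtl }); // only definitive answers are cached
      return status;
    } catch {
      return 'unknown';
    }
  }
}

// Constructed scenario (not real network data): one issuer, serial 0a revoked, a CRL
// distribution point and an OCSP responder that can be taken offline, and a manual clock.
async function runScenario() {
  const ISSUER = 'CN=Example Client CA';
  let clock = 0, crlDown = false, ocspDown = false, crlFetches = 0;
  const crl: CrlSource = { async fetch() { crlFetches++; if (crlDown) throw new Error('CRL unreachable'); return new Set(['0a']); } };
  const ocsp: OcspSource = { async query(c) { if (ocspDown) throw new Error('OCSP unreachable'); return c.serialNumber === '0a' ? 'revoked' : 'good'; } };
  const checker = new RevocationChecker(crl, ocsp, { crlTtlMs: 1000, now: () => clock });
  const first = await checker.verify({ serialNumber: '0a', issuer: ISSUER });    // CRL fetched once, serial listed: rejected
  const cached = await checker.verify({ serialNumber: '0b', issuer: ISSUER });   // served from the CRL cache, no fetch
  clock = 2000; crlDown = true;                                                   // CRL past its TTL and unreachable
  const fallback = await checker.verify({ serialNumber: '0b', issuer: ISSUER }); // OCSP answers instead
  ocspDown = true;
  const closed = await checker.verify({ serialNumber: '0c', issuer: ISSUER });   // nothing can answer: rejected
  return { first, cached, fallback, closed, crlFetches };
}
```

The scenario exercises the four paths in order: a fresh CRL fetch that rejects a listed serial, a cache hit that costs no network round trip, an expired and unreachable CRL that falls through to OCSP, and an outage of both sources, which is rejected because `failOpen` defaults to false. A CRL past its TTL is deliberately not reused when the refresh fails; whether to keep serving stale revocation data during an outage is the trade-off behind the header's "graceful degradation" line, and in this example an operator who prefers availability over strictness has to opt into it explicitly rather than get it by default.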