[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] How to check if a certificate is revoked
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: [Help-gnutls] How to check if a certificate is revoked |
Date: |
Mon, 02 Jun 2008 22:09:54 +0300 |
User-agent: |
Thunderbird 2.0.0.14 (X11/20080505) |
Martin Lambers wrote:
> Hi all,
>
> how do I check if a certificate is revoked?
>
> I created a test CA, signed a certificate, revoked it, and created a CRL
> file with this information.
Please include the CRL that you are talking about. The output of
certtool --crl-info should be sufficient.
> Then I use gnutls_certificate_set_x509_crl_file() in the client program
> to set the CRL file. The function returns 1, as expected.
> After calling gnutls_certificate_verify_peers2(), I check if the status
> contains GNUTLS_CERT_REVOKED, but this is not the case.
Also include the output of -d 2 if you are using gnutls-cli and
gnutls-serv. Otherwise increase the verbosity level to 2 and include the
output.
> Neither openssl s_client nor gnutls-cli seem to support CRL files, so I
> was not able to double check that my test setup is correct.
Use the --x509crlfile parameter to gnutls-cli and gnutls-serv.
regards,
Nikos
- Re: [Help-gnutls] How to check if a certificate is revoked,
Nikos Mavrogiannopoulos <=