Re: [Help-gnutls] How to check if a certificate is revoked

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnutls] How to check if a certificate is revoked

From:	Nikos Mavrogiannopoulos
Subject:	Re: [Help-gnutls] How to check if a certificate is revoked
Date:	Mon, 02 Jun 2008 22:09:54 +0300
User-agent:	Thunderbird 2.0.0.14 (X11/20080505)

Martin Lambers wrote:
> Hi all,
> 
> how do I check if a certificate is revoked?
> 
> I created a test CA, signed a certificate, revoked it, and created a CRL
> file with this information.

Please include the CRL that you are talking about. The output of
certtool --crl-info should be sufficient.

> Then I use gnutls_certificate_set_x509_crl_file() in the client program 
> to set the CRL file. The function returns 1, as expected.
> After calling gnutls_certificate_verify_peers2(), I check if the status
> contains GNUTLS_CERT_REVOKED, but this is not the case.

Also include the output of -d 2 if you are using gnutls-cli and
gnutls-serv. Otherwise increase the verbosity level to 2 and include the
output.

> Neither openssl s_client nor gnutls-cli seem to support CRL files, so I
> was not able to double check that my test setup is correct.

Use the --x509crlfile parameter to gnutls-cli and gnutls-serv.

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Help-gnutls] How to check if a certificate is revoked, Nikos Mavrogiannopoulos <=
- Re: [Help-gnutls] How to check if a certificate is revoked, Martin Lambers, 2008/06/03

Next by Date: Re: [Help-gnutls] How to check if a certificate is revoked
Next by thread: Re: [Help-gnutls] How to check if a certificate is revoked
Index(es):
- Date
- Thread