On Wed, Nov 05, 2014 at 01:54:20PM +0100, Noël Köthe wrote:
> On Wednesday, 05.11.2014, 12:48 +0100, Tim Ruehsen wrote:
> > BTW, does Debian meanwhile have a CRL infrastructure (something like
> > /etc/ssl/certs/) or is planning something like it?
>
> I'm not aware of an infrastructure but asked the people who might know
> this (CC: to this list).
>
> > Also, OCSP certificate status checking might be interesting for Wget.
>
> :) ACK.
>

Checking certificate validity is damn difficult (partial CRLs, CRL expiration, CRL or OCSP server unavailability, caching).

There is the dirmngr daemon that can do most of the things (it did not support partial CRLs last time I checked). Unfortunately it has its own configuration because it's from the GnuPG project.

--
Petr