Taral <[email protected]> noted..
>
> On Tue, Feb 7, 2012 at 7:25 AM, Alexandre Dulaunoy <[email protected]> wrote:
>> $ ./crlset dump crl-set | wc -l
>> 1656
>>
>> Maybe they use a bloomfilter-like format or something like that. But
>> it seems that their current bundle is
>> not matching the numbers of the revoked certificate especially the
>> ones with a reason.
>>
>> Information about the Google CRLSet format is welcome.
>
> A glance at the code says the dump is of the form:
>
> spki hash
> serial
> serial
> serial
>
> And it looks like it's been updated:
>
> % ./crlset dump crlset | grep '^ ' | wc -l
> 3809
note that one needs to do this sequence to get similar results as above (i.e.
Taral's results)...
$ ./crlset fetch > foo
$ ./crlset dump foo | grep '^ ' | wc -l
3809
I.e. you need to actually fetch the latest update, then dump it. Otherwise
you'll be stuck with your previous numbers, assuming you request dumping of the
same file you've previously fetched to.
HTH,
=JeffH
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
