To detect revoked certificates, you have to either have a current CRL for the CA that issued the cert, or use OSCP. This doesn't appear to be easy to do in Go yet, but https://godoc.org/golang.org/x/crypto/ocsp may help.
On Sat, Jul 8, 2017 at 1:06 AM gwhelbig via golang-nuts < golang-nuts@googlegroups.com> wrote: > Shawn, > > I'm a little confused. > > Your program prints 'Certificate for "revoked.badssl.com" from "DigiCert > Inc" expires 2019-09-11 12:00:00 +0000 UTC (795 days).' for the revoked > certificate. > > How do I tell that it has been revoked? > > Gary. > > Cr@p. I just realized that I titled the post "expired" when my issue is > with revoked... > > > On Friday, July 7, 2017 at 8:13:02 AM UTC-7, Shawn Milochik wrote: >> >> Happy Friday. >> >> https://play.golang.org/p/gU-wTqYqlv - private >> <https://play.golang.org/p/gU-wTqYqlv> >> >> >> -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
