Rich Fought <[EMAIL PROTECTED]> writes:

> Does the function
>
> gnutls_certificate_set_x509_crl_file
>
> do any sort of checking whatsoever on the CRL file?

It reads the file and DER decodes the data.

> The documentation implies that the CRL should be verified
> beforehand, but I'm not sure what this means. I know for sure that
> it does not check dates; does it check the CRL's signature against
> the loaded root CA cert?

No, I don't think so. You'll have to verify that beforehand. This
should probably be fixed, patches welcome.

> If not, does the API provide a way to extract the loaded CRL from the
> credentials structure and do the checking?

Hm, I can't find any API for that. Nikos?

> Or is a separate deal?

gnutls_certificate_verify_peers2 does check certificates against the CRL
though.

/Simon
