Martin Lambers wrote: > Hi all, > > how do I check if a certificate is revoked? > > I created a test CA, signed a certificate, revoked it, and created a CRL > file with this information.
Please include the CRL that you are talking about. The output of certtool --crl-info should be sufficient. > Then I use gnutls_certificate_set_x509_crl_file() in the client program > to set the CRL file. The function returns 1, as expected. > After calling gnutls_certificate_verify_peers2(), I check if the status > contains GNUTLS_CERT_REVOKED, but this is not the case. Also include the output of -d 2 if you are using gnutls-cli and gnutls-serv. Otherwise increase the verbosity level to 2 and include the output. > Neither openssl s_client nor gnutls-cli seem to support CRL files, so I > was not able to double check that my test setup is correct. Use the --x509crlfile parameter to gnutls-cli and gnutls-serv. regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
