Hi! On Mon, 02. Jun 2008, 22:09:54 +0300, Nikos Mavrogiannopoulos wrote: > > how do I check if a certificate is revoked? > > > > I created a test CA, signed a certificate, revoked it, and created a CRL > > file with this information. > > Please include the CRL that you are talking about. The output of > certtool --crl-info should be sufficient. > > > Then I use gnutls_certificate_set_x509_crl_file() in the client program > > to set the CRL file. The function returns 1, as expected. > > After calling gnutls_certificate_verify_peers2(), I check if the status > > contains GNUTLS_CERT_REVOKED, but this is not the case. > > Also include the output of -d 2 if you are using gnutls-cli and > gnutls-serv. Otherwise increase the verbosity level to 2 and include the > output. > > > Neither openssl s_client nor gnutls-cli seem to support CRL files, so I > > was not able to double check that my test setup is correct. > > Use the --x509crlfile parameter to gnutls-cli and gnutls-serv.
Thanks for your help. Your hints helped me to find a bug in my test application. Now everything works as expected. Thanks! Martin _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
