[gnutls-devel] Revoked certificate count in CRL is capped at 34
nmav at gnutls.org
Wed Aug 12 23:02:42 CEST 2015
On Wed, 2015-08-12 at 16:32 +0000, Zsolt Horvath wrote:
> Dear Team,
> I am working on a small project where I’m planning to do periodic CRL
> generation with GNUTLS from concatenated to-be-revoked-certificates.
> The CRL is generated as per the guide:
> certtool --generate-crl --load-ca-privkey $CAPRIVKEY \
> --load-ca-certificate $CACERT \
> --load-certificate syssec-int.pem \
> --template infosec-vpn-int.cfg \
> --d 900
Thanks for bringing that up. It seems that certain commands of
certtool are limited in the amount of buffers they may use. In
particular the buffers are correctly adjusted only for the options that
use the --infile option.
Even in that case it seems that some options are have also other
arbitrary maximum limits. Maybe it is time to remove those limits
completely. I don't know how helpful it would be for you, but I'll have
a patch for 3.4.x soon.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel