[gnutls-devel] GnuTLS | Service Desk (from quentin.gouchet at gmail.com): GnuTLS does not check for crlSign field (#564)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Sun Sep 16 15:44:32 CEST 2018
Is the issue reported against `gnutls-cli`/tools explicitly or against the library? It seems that gnutls-cli will trust whichever CRL is provided to it; however, the library itself provides functions to verify a CRL, such as `gnutls_x509_crl_verify()`.
For example, if you use:
```
certtool --verify-crl --infile CA-0.crl --load-ca-certificate CA-0.crt
...
Verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
```
if the CRLSign flag is not there. The defaults may not be what is expected, but that functionality is there.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/564#note_101677987
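
The constraint behind the "violates the signer's constraints" output above, as an added example that is not part of the original message and is not GnuTLS code: it decodes a DER keyUsage BIT STRING and applies the RFC 5280 rule that a CRL issuer whose certificate carries keyUsage must have cRLSign set. The function names and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* KeyUsage bit numbers from RFC 5280, section 4.2.1.3. */
enum { KU_KEY_CERT_SIGN = 5, KU_CRL_SIGN = 6 };

/* Test one named bit in a DER BIT STRING (tag 0x03, short-form length).
 * Returns 1 if set, 0 if clear, -1 if the encoding is malformed. */
static int der_bit(const unsigned char *der, size_t len, unsigned bit)
{
    if (len < 3 || der[0] != 0x03 || der[1] >= 0x80)
        return -1;
    size_t clen = der[1];          /* content = unused-bits octet + data */
    if (clen < 1 || clen + 2 != len)
        return -1;
    unsigned unused = der[2];
    size_t nbytes = clen - 1;
    if (unused > 7 || (nbytes == 0 && unused != 0))
        return -1;
    /* DER requires the unused trailing bits to be zero. */
    if (nbytes > 0 && (der[2 + nbytes] & ((1u << unused) - 1)) != 0)
        return -1;
    if (bit >= nbytes * 8 - unused)
        return 0;                  /* bit lies beyond the encoded string */
    /* Bit 0 is the most significant bit of the first data octet. */
    return (der[3 + bit / 8] >> (7 - bit % 8)) & 1;
}

/* RFC 5280 section 6.3.3 (f): if the CRL issuer's certificate carries a
 * keyUsage extension, cRLSign must be set. ku == NULL means no extension.
 * Returns 1 = may sign CRLs, 0 = constraint violated, -1 = malformed. */
int crl_signer_allowed(const unsigned char *ku, size_t len)
{
    if (ku == NULL)
        return 1;
    return der_bit(ku, len, KU_CRL_SIGN);
}

/* Constructed sample extension values, not from any real certificate. */
const unsigned char KU_CERT_AND_CRL[] = { 0x03, 0x02, 0x01, 0x06 };
const unsigned char KU_CERT_ONLY[]    = { 0x03, 0x02, 0x02, 0x04 };
const unsigned char KU_BAD_PADDING[]  = { 0x03, 0x02, 0x03, 0x06 };

int main(void)
{
    printf("keyCertSign only: %d\n",
           crl_signer_allowed(KU_CERT_ONLY, sizeof KU_CERT_ONLY));
    return 0;
}
```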