[gnutls-devel] GnuTLS | Service Desk (from debian.axhn at manchmal.in-ulm.de): gnutls: Missing authority check in the certificate revocation check routines (#861)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Nov 23 21:20:29 CET 2019




Nikos Mavrogiannopoulos commented:


Hi,
 Verifying the CRL is optional in gnutls. I remember that my original view on that was that you download the CRL verify it, and then use it as stored locally. There is no need to verify it, each and every time. You can verify a CRL once using `certtool --verify-crl`, and then keep using it.  There is a specific flag for applications `GNUTLS_CERTIFICATE_VERIFY_CRLS` which they can set to verify the CRL explicitly. Does this answer your concern?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/861#note_249442494
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191123/801e3025/attachment.html>


More information about the Gnutls-devel mailing list