[Help-gnutls] How to check if a certificate is revoked

Martin Lambers marlam at marlam.de
Tue Jun 3 20:00:54 CEST 2008


On Mon, 02. Jun 2008, 22:09:54 +0300, Nikos Mavrogiannopoulos wrote:
> > how do I check if a certificate is revoked?
> > 
> > I created a test CA, signed a certificate, revoked it, and created a CRL
> > file with this information.
> Please include the CRL that you are talking about. The output of
> certtool --crl-info should be sufficient.
> > Then I use gnutls_certificate_set_x509_crl_file() in the client program 
> > to set the CRL file. The function returns 1, as expected.
> > After calling gnutls_certificate_verify_peers2(), I check if the status
> > contains GNUTLS_CERT_REVOKED, but this is not the case.
> Also include the output of -d 2 if you are using gnutls-cli and
> gnutls-serv. Otherwise increase the verbosity level to 2 and include the
> output.
> > Neither openssl s_client nor gnutls-cli seem to support CRL files, so I
> > was not able to double check that my test setup is correct.
> Use the --x509crlfile parameter to gnutls-cli and gnutls-serv.

Thanks for your help. Your hints helped me to find a bug in my test
application. Now everything works as expected.


More information about the Gnutls-help mailing list