[gnutls-devel] GnuTLS | Service Desk (from quentin.gouchet at gmail.com): GnuTLS does not check for crlSign field (#564)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Sep 16 15:44:32 CEST 2018

Is the issue reported against `gnutls-cli`/tools explicitly or against the library? It seems that gnutls-cli will trust whichever CRL is provided to it, however the library itself provides functions to verify a CRL, such as `gnutls_x509_crl_verify()`.

For example, if you use:
`certtool --verify-crl --infile CA-0.crl --load-ca-certificate CA-0.crt`

Verification output: Not verified.  The certificate is NOT trusted. The certificate chain violates the signer's constraints.
if the CRLSign flag is not there. The defaults may not be what is expected, but that functionality is there.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/564#note_101677987
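
The crlSign flag discussed in the message above is bit 6 of the X.509 KeyUsage extension. The following is an added example, not part of the original email and not GnuTLS code: it decodes a DER-encoded KeyUsage value and applies the RFC 5280 rule that a CRL issuer whose certificate carries KeyUsage must have cRLSign set. The function names and the sample bytes are constructed for illustration.

```python
# Added illustration: decode an X.509 KeyUsage extension value (a DER BIT
# STRING) and decide whether the certificate may sign CRLs. Not GnuTLS code.

KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
)  # bit 0 .. bit 8, as numbered in RFC 5280 section 4.2.1.3


def parse_key_usage(der: bytes) -> set:
    """Return the set of usage names asserted in a DER-encoded KeyUsage value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, payload = der[2], der[3:]
    if unused > 7 or not payload:
        raise ValueError("invalid unused-bit count")
    if payload[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    total_bits = len(payload) * 8 - unused
    usages = set()
    for i, name in enumerate(KEY_USAGE_BITS[:total_bits]):
        # BIT STRING bit 0 is the most significant bit of the first byte.
        if payload[i // 8] & (0x80 >> (i % 8)):
            usages.add(name)
    return usages


def may_sign_crl(key_usage_der) -> bool:
    """Pass None when the certificate carries no KeyUsage extension."""
    if key_usage_der is None:
        return True  # RFC 5280: the check applies only if KeyUsage is present
    return "cRLSign" in parse_key_usage(key_usage_der)


# Constructed sample values (hypothetical CA certificates):
KU_CERT_AND_CRL_SIGN = bytes.fromhex("03020106")  # keyCertSign + cRLSign
KU_CERT_SIGN_ONLY = bytes.fromhex("03020204")     # keyCertSign only
```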