[gnutls-devel] GnuTLS | GnuTLS uses expired CRLs without warning (#1781)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat Jan 10 08:18:49 CET 2026
Joyanta Debnath created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1781
## Description of problem:
GnuTLS does not explicitly check whether a CRL has expired at the time of validation. As a result, it continues to perform revocation checks using expired CRLs without raising any warnings or errors for the user.
https://github.com/gnutls/gnutls/blob/0b7e7690a5744a501b887dd3a53e74c384b82a3c/lib/x509/x509.c#L3239
## Version of gnutls used:
latest or older
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu
## Actual results:
Accepts CRL for certificate validation
## Expected results:
Rejects CRL for certificate validation
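An application-side freshness check for the behaviour reported above, added here as an example; it is not part of the original issue and is not GnuTLS code. It compares the CRL's thisUpdate and nextUpdate fields, read with `gnutls_x509_crl_get_this_update()` and `gnutls_x509_crl_get_next_update()`, against the current time before the CRL is used for revocation checks. The names `crl_freshness` and `crl_usable`, the `USE_GNUTLS` build macro, the 300-second clock-skew allowance, and the policy of refusing a CRL with no readable nextUpdate are assumptions of this example.

```c
/* Added example: caller-side CRL freshness check (not GnuTLS source). */
#include <time.h>

typedef enum {
    CRL_FRESH = 0,
    CRL_NOT_YET_VALID,   /* thisUpdate lies in the future */
    CRL_EXPIRED,         /* nextUpdate has already passed */
    CRL_NO_NEXT_UPDATE,  /* nextUpdate absent or unreadable */
    CRL_BAD_THIS_UPDATE  /* thisUpdate unreadable */
} crl_freshness_t;

/* Hypothetical helper. skew is the tolerated clock drift in seconds. */
crl_freshness_t crl_freshness(time_t this_update, time_t next_update,
                              time_t now, time_t skew)
{
    if (this_update == (time_t)-1)
        return CRL_BAD_THIS_UPDATE;
    if (next_update == (time_t)-1)
        return CRL_NO_NEXT_UPDATE;   /* assumed policy: fail closed */
    if (this_update > now + skew)
        return CRL_NOT_YET_VALID;
    if (next_update + skew < now)
        return CRL_EXPIRED;
    return CRL_FRESH;
}

#ifdef USE_GNUTLS  /* build with: cc -DUSE_GNUTLS file.c -lgnutls */
#include <gnutls/x509.h>

/* Returns 1 only when the CRL is inside its validity window, so the
 * caller can skip or refetch a stale CRL before revocation checking. */
int crl_usable(gnutls_x509_crl_t crl, time_t now)
{
    /* Both getters return (time_t)-1 when the field cannot be read. */
    return crl_freshness(gnutls_x509_crl_get_this_update(crl),
                         gnutls_x509_crl_get_next_update(crl),
                         now, 300) == CRL_FRESH;
}
#endif
```
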