[Help-gnutls] Re: Beginner's question
Simon Josefsson
simon at josefsson.org
Sun Apr 13 12:16:45 CEST 2008
"Rainer Gerhards" <rgerhards at gmail.com> writes:
>> Thanks! Let us know if there is anything we could improve to help
>> explain something that you get stuck on. It is easy to go blind in a
>> project, so input from new users is very valuable.
>
> There is one thing, if I may hijack this thread. The CRL files. I know
> what certificate revocation is for, but I do not fully understand how
> the CRL functions are used. Most importantly, do I need to create that
> file and, if so, how? I know that's all pretty basic and I appreciate
> your help on those boring questions ;).

Good questions. I think people are generally better off forgetting
about CRLs. If you are designing something new, use an online checking
protocol like OCSP instead of CRLs. If you are stuck with a system that
uses CRLs, you naturally have to use it.

As far as I could see, there wasn't any documentation on how to
generate/verify CRLs in the manual. I've fixed this:

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=3acf331ee7f3dc310a18b2b9b476a0d851e2bb32

We could probably discuss CRLs more in the manual, but I can't seem to
find a good place to do it or think of anything concrete to say.

Thanks,
/Simon