Topic: The issue with the wolfSSL_CertManagerCheckCRL command in wolfSSL

Hello, developer. I am a beginner, and while using the wolfSSL_CertManagerCheckCRL function for revocation checking, I found that it does not check the CRL scope as specified in RFC 5280. For example, the Distribution Point Name in the CDP extension of the certificate does not match the Distribution Point Name in the IDP extension of the CRL. According to RFC 5280, this CRL should be rejected, but when performing the revocation check using wolfSSL_CertManagerCheckCRL, the CRL is not rejected.

Can you confirm whether wolfSSL_CertManagerCheckCRL follows the RFC 5280 guidelines for CRL revocation checking? If not, are there other functions in wolfSSL that perform CRL revocation checks according to RFC 5280?

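The scope check the first post refers to (RFC 5280 section 6.3.3, step (b)(2)), written out as an added example; it is not part of the thread and is not wolfSSL code. It is a simplified model: names are compared as exact strings rather than as full GeneralNames, and the struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified view of one distribution point (DP) of a certificate. */
typedef struct {
    const char *const *dp_names;    /* distributionPoint names; count 0 if field omitted */
    size_t dp_count;
    const char *const *crl_issuer;  /* cRLIssuer names of the DP */
    size_t crl_issuer_count;
    bool is_ca;                     /* basicConstraints cA asserted in the certificate */
} cert_dp;

typedef struct {
    bool has_idp;                   /* CRL carries an issuingDistributionPoint extension */
    const char *const *idp_names;   /* IDP distributionPoint names; count 0 if absent */
    size_t idp_count;
    bool only_user_certs, only_ca_certs, only_attr_certs;
} crl_idp;

static bool any_match(const char *const *a, size_t na, const char *const *b, size_t nb)
{
    for (size_t i = 0; i < na; i++)
        for (size_t j = 0; j < nb; j++)
            if (strcmp(a[i], b[j]) == 0) return true;
    return false;
}

/* RFC 5280 6.3.3 (b)(2): true if the CRL's IDP puts the certificate in scope. */
bool crl_scope_ok(const cert_dp *c, const crl_idp *crl)
{
    if (!crl->has_idp) return true;                      /* no IDP: step does not apply */
    if (crl->idp_count > 0) {
        /* (i) an IDP name must match a DP name, or a cRLIssuer name if the DP has none */
        bool ok = c->dp_count > 0
            ? any_match(crl->idp_names, crl->idp_count, c->dp_names, c->dp_count)
            : any_match(crl->idp_names, crl->idp_count, c->crl_issuer, c->crl_issuer_count);
        if (!ok) return false;
    }
    if (crl->only_user_certs && c->is_ca) return false;  /* (ii)  */
    if (crl->only_ca_certs && !c->is_ca) return false;   /* (iii) */
    if (crl->only_attr_certs) return false;              /* (iv)  */
    return true;
}
```

For a certificate with no CDP extension at all, RFC 5280 has the caller assume a single DP named after the certificate issuer, so `dp_names` would be filled with that name before calling.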

Re: The issue with the wolfSSL_CertManagerCheckCRL command in wolfSSL

Hello Happy,

Do you have WOLFSSL_CRL_ALLOW_MISSING_CDP defined in the config, or are you using the callback to override the failure?

If you believe this to be a bug, please email support@wolfssl.com to create a ticket in our support system.

Thanks,
Eric - wolfSSL Support

Re: The issue with the wolfSSL_CertManagerCheckCRL command in wolfSSL

Hello, developer. What is the purpose of WOLFSSL_CRL_ALLOW_MISSING_CDP and how does it affect the CRL revocation checking?
