You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by HAPPY
Pages 1
Hello, developer. What is the purpose of WOLFSSL_CRL_ALLOW_MISSING_CDP and how does it affect the CRL revocation checking?
Hello, developer. I am a beginner, and while using the wolfSSL_CertManagerCheckCRL function for revocation checking, I found that it does not check the CRL scope as specified in RFC 5280. For example, the Distribution Point Name in the CDP extension of the certificate does not match the Distribution Point Name in the IDP extension of the CRL. According to RFC 5280, this CRL should be rejected, but when performing the revocation check using wolfSSL_CertManagerCheckCRL, the CRL is not rejected.
Can you confirm whether wolfSSL_CertManagerCheckCRL follows the RFC 5280 guidelines for CRL revocation checking? If not, are there other functions in wolfSSL that perform CRL revocation checks according to RFC 5280?
Hello developer,
This is the result of wolfSSL_CertManagerCheckCRL after enabling debug logging. I used an unexpired certificate and CRL. Could you please help me understand what could be causing the verification to fail?
1
SSL handshake skipped. CRL checks will still be performed.
wolfSSL Entering wolfSSL_CertManagerCheckCRL
ParseCert failed
CRL verification failed: -140Hello Developer,
I am using the wolfSSL_CertManagerLoadCRLBuffer function, and as you mentioned, I have used the wolfSSL_CertManagerLoadCA function as well. However, wolfSSL_CertManagerLoadCRLBuffer is returning -179. Could you please tell me what might be the cause of this?
Hello Developer, I am using the wolfSSL_CertManagerLoadCRLBuffer function, and it returns a value of -190. Could you please let me know the reason for this?
Hello, developer. I now know that the wolfSSL_CTX_EnableCRL API can be used to enable CRL revocation checking. How can I obtain the results after the revocation check, such as whether it succeeded or failed, after calling wolfSSL_CTX_EnableCRL?
Hello developer, I used
long verify_result = wolfSSL_get_verify_result(ssl); from wolfSSL to check the certificate revocation status, and I have already included
#include <wolfssl/ssl.h>. Why do I still get the following error?
/usr/bin/ld: /tmp/ccjSsmqw.o: in function `main':
wolfssl_crl_test.c:(.text+0x55f): undefined reference to `wolfSSL_get_verify_result'
collect2: error: ld returned 1 exit statusHello, developer. Can you tell me if the command cmake .. -DENABLE_CRL=ON -DCMAKE can enable CRL?
Hello, developer. When I use the wolfSSL_CTX_LoadCRL and wolfSSL_CTX_EnableCRL functions from wolfSSL, I get the following error:
Severity: Error
Code: LNK2019
Description: Unresolved external symbol wolfSSL_CTX_EnableCRL referenced in function main.
I have already linked the package directory. What could be causing this issue, and how should I resolve it?
Hello, developer:
The default certificate revocation mechanism used by wolfSSL is what? Or does it default to not enabling any certificate revocation mechanism?
Hello developer, if wolfSSL is built without using the --enable-crl option to enable CRL, does wolfSSL default to using OCSP for certificate revocation?
Hello Developer,
I would like to inquire whether wolfSSL still uses CRLs to validate certificate validity, or if wolfSSL still has the capability to use CRLs for certificate validation.
Pages 1
wolfSSL - Embedded SSL Library → Posts by HAPPY
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.016 seconds (95% PHP - 5% DB) with 4 queries