Topic: The usage of wolfSSL_CTX_EnableCRL

Hello, developer. I now know that the wolfSSL_CTX_EnableCRL API can be used to enable CRL revocation checking. How can I obtain the results after the revocation check, such as whether it succeeded or failed, after calling wolfSSL_CTX_EnableCRL?


Re: The usage of wolfSSL_CTX_EnableCRL

Hello Happy,

After enabling CRL checking, wolfSSL will automatically check your CRL as part of the connection.
If you want to manually perform this check, you can set up a cert manager, enable CRL checking on it with wolfSSL_CertManagerEnableCRL, load your CRL with wolfSSL_CertManagerLoadCRL/wolfSSL_CertManagerLoadCRLBuffer then call wolfSSL_CertManagerCheckCRL to check the CRL: https://www.wolfssl.com/documentation/m … ercheckcrl

Thanks,
Kareem


Re: The usage of wolfSSL_CTX_EnableCRL

Hello Developer, I am using the wolfSSL_CertManagerLoadCRLBuffer function, and it returns a value of -190. Could you please let me know the reason for this?


Re: The usage of wolfSSL_CTX_EnableCRL

Hello Happy,

-190 is ASN_CRL_NO_SIGNER_E, this means the CRL's CA cert is not registered with wolfSSL.  You will need to register your CA cert with wolfSSL_CertManagerLoadCA before calling wolfSSL_CertManagerLoadCRLBuffer.

Thanks,
Kareem


Re: The usage of wolfSSL_CTX_EnableCRL

Hello Developer,

I am using the wolfSSL_CertManagerLoadCRLBuffer function, and as you mentioned, I have used the wolfSSL_CertManagerLoadCA function as well. However, wolfSSL_CertManagerLoadCRLBuffer is returning -179. Could you please tell me what might be the cause of this?


Re: The usage of wolfSSL_CTX_EnableCRL

Hello Happy,

-179 is CRL_CERT_DATE_ERR, this means the CRL's date is not valid when compared to the current time.

You may find our debug logging helpful, you can enable it by building with --enable-debug and running wolfSSL_Debugging_ON() at the start of your program.

Thanks,
Kareem


Re: The usage of wolfSSL_CTX_EnableCRL

Hello developer,

This is the result of wolfSSL_CertManagerCheckCRL after enabling debug logging. I used an unexpired certificate and CRL. Could you please help me understand what could be causing the verification to fail?

1
SSL handshake skipped. CRL checks will still be performed.
wolfSSL Entering wolfSSL_CertManagerCheckCRL
ParseCert failed
CRL verification failed: -140


Re: The usage of wolfSSL_CTX_EnableCRL

Hello Happy,

-140/ASN_PARSE_E is a general error thrown when the cert/CRL passed in is invalid in some way.  For more information on where this error is coming from, please rebuild with --enable-debug --enable-debug-trace-errcodes.

Thanks,
Kareem
