1 (edited by HAPPY 2025-03-10 02:17:15)

Topic: Can wolfCLU parse CRL files with CRL extensions?

Hello Developer,

While using wolfCLU to parse CRL files, I found that wolfCLU can only parse CRL files without CRL extensions, including extensions like Authority Key Identifier (AKI), Issuer Directory Prefix (IDP), and Freshest CRL (FDP), etc. Could this be an issue with wolfCLU, or is it possible that I missed selecting some options when building wolfCLU?


Re: Can wolfCLU parse CRL files with CRL extensions?

Hi HAPPY. 

Can you send over an example CRL with these extensions?

Warm regards, Anthony.


Re: Can wolfCLU parse CRL files with CRL extensions?

Thank you for noticing this. Can I ask you if you need support for extensions? If so, you can register a feature request by sending a message to support@wolfssl.com.

Warm regards, Anthony


Re: Can wolfCLU parse CRL files with CRL extensions?

Hello,

I did the following:

cd wolfssl 
./autogen.sh 
./configure --enable-wolfclu --enable-crl
make all
sudo make install
sudo ldconfig 
cd ..
cd wolfCLU
./autogen.sh
./configure 
make all 
./wolfssl crl -in /path/to/wolfssl/certs/crl/ca-int.pem -text -noout

Here is the output from the last command:

Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate CA, emailAddress = info@wolfssl.com
        Last Update: Sep 27 12:10:09 2023 GMT
        Next Update: Jun 23 12:10:09 2026 GMT
        CRL extensions:
            X509v3 Authority Key Identifier: 
                EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
            X509v3 CRL Number: 
                8192
No Revoked Certificates.
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        4b:7f:45:20:16:f5:77:18:35:70:b5:d3:fe:d8:3f:1b:90:0e:
        f7:aa:dc:39:85:b3:df:52:a8:65:e7:b5:01:34:c3:9a:01:bf:
        59:f9:79:79:9c:b3:a8:8a:e3:eb:23:41:af:48:ad:ab:01:0a:
        e2:b7:09:47:3e:42:19:13:c2:6b:cd:4c:dd:54:5c:42:77:23:
        f7:4f:1b:a0:4b:95:b1:a8:96:ce:86:d6:63:3d:53:61:31:54:
        be:79:50:a5:13:b7:67:5d:b8:fa:60:6e:71:9f:95:c6:20:a5:
        66:a7:02:7d:1f:f4:23:cb:49:14:c6:03:96:dc:16:b5:aa:7c:
        55:87:88:57:aa:a1:a8:ac:3b:11:64:cf:87:01:be:99:ed:7c:
        8f:28:5c:94:f6:aa:ea:c1:e2:50:16:a7:79:c4:0e:0f:3a:e5:
        5e:c2:c6:80:2e:b8:13:d8:74:cd:b1:5c:ef:14:17:ae:72:d6:
        46:ea:df:b8:b0:38:bd:8d:b1:a3:2c:a3:c7:04:dc:75:22:c3:
        2f:8a:e5:a8:0d:9d:54:4c:7f:16:b6:c0:d5:20:63:81:4a:c9:
        cb:85:c9:b6:1b:05:22:ee:0c:d9:f8:98:f3:57:16:29:09:84:
        0b:fd:aa:ee:a3:ca:36:b1:86:f1:bd:b8:12:43:ef:15:77:a9:
        52:d9:5e:25

As you can see, the AKI is parsed and output properly.

Warm regards, Anthony

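To cross-check which extensions a CRL carries independently of any tool's `-text` output, the following added example (not part of the thread and not wolfCLU or wolfSSL code) walks the DER encoding by hand and lists each entry in `crlExtensions` with its critical flag. The helper names, the `KNOWN` table and the sample CRL are constructed for illustration.

```python
# Added example (not wolfCLU code): list the crlExtensions of a DER-encoded CRL.
KNOWN = {"2.5.29.35": "Authority Key Identifier", "2.5.29.20": "CRL Number",
         "2.5.29.28": "Issuing Distribution Point", "2.5.29.46": "Freshest CRL"}

def read_tlv(buf, pos):  # -> (tag, content, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):  # yield (tag, content) for each element inside a value
    pos = 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        yield tag, body

def oid_str(body):  # assumes the first two arcs share one byte (true for 2.5.29.x)
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # last byte of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def crl_extensions(der):  # -> [(oid, name, critical)] from TBSCertList
    tbs = read_tlv(read_tlv(der, 0)[1], 0)[1]  # CertificateList -> TBSCertList
    out = []
    for tag, body in children(tbs):
        if tag == 0xA0:  # [0] EXPLICIT crlExtensions; other fields are skipped
            for _, ext in children(read_tlv(body, 0)[1]):
                f = list(children(ext))  # extnID, optional critical, extnValue
                oid = oid_str(f[0][1])
                critical = f[1][0] == 0x01 and f[1][1] != b"\x00"
                out.append((oid, KNOWN.get(oid, "unknown"), critical))
    return out

# Constructed sample CRL (dummy issuer, key id, signature) and its DER builder.
def tlv(tag, c):  # handles lengths below 256 only
    return bytes([tag]) + (bytes([len(c)]) if len(c) < 128 else bytes([0x81, len(c)])) + c
EXTS = tlv(0x30, tlv(0x30, tlv(6, b"\x55\x1d\x23") + tlv(4, tlv(0x30, tlv(0x80, b"\x01\x02\x03\x04"))))
           + tlv(0x30, tlv(6, b"\x55\x1d\x14") + tlv(4, tlv(2, b"\x20\x00")))
           + tlv(0x30, tlv(6, b"\x55\x1d\x1c") + tlv(1, b"\xff") + tlv(4, tlv(0x30, b""))))
ALG = tlv(0x30, tlv(6, bytes.fromhex("2a864886f70d01010b")) + tlv(5, b""))
TBS = tlv(0x30, tlv(2, b"\x01") + ALG + tlv(0x30, b"") + tlv(0x17, b"230927121009Z") + tlv(0xA0, EXTS))
SAMPLE_CRL = tlv(0x30, TBS + ALG + tlv(3, b"\x00\xaa"))
```

For a PEM file, base64-decode the block between the `BEGIN X509 CRL` and `END X509 CRL` lines and pass the resulting bytes to `crl_extensions`. The critical flag matters because RFC 5280 requires an application not to use a CRL for status checking when it contains a critical extension the application cannot process.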