[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] certificate revocation lists (CRLs) #43501

From: Petr Pisar
Subject: Re: [Bug-wget] certificate revocation lists (CRLs) #43501
Date: Wed, 5 Nov 2014 15:43:56 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

On Wed, Nov 05, 2014 at 01:54:20PM +0100, Noël Köthe wrote:
> Am Mittwoch, den 05.11.2014, 12:48 +0100 schrieb Tim Ruehsen:
> > BTW, does Debian meanwhile has a CRL infrastructure (something like 
> > /etc/ssl/certs/) or is planning something like it ?
> I'm not aware of an infrastructure but asked the people who might know
> this (CC: to this list).
> > Also, OCSP certificate status checking might be interesting for Wget.
> :) ACK.
Checking certificate validity is damn difficult (partial CRLs, CRL expiration,
CRL or OSCP server unavailability, caching).

There is dirmngr daemon that can do most of the things (it did not support
partial CRLs last time I checked). Unfortunatelly it has its own configuration
because it's from GnuPG project.

-- Petr

Attachment: pgpY6LgGhdlqo.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]