cfssl revoke: certIsRevokedCRL does not verify CRL signature if AIA extension is not used

revoke: certIsRevokedCRL does not verify CRL signature if AIA extension is not used

Open jukeks opened this issue 5 years ago • 0 comments

certIsRevokedCRL fetches issuer certificate from AIA extension defined URLs. If none are defined or fetching fails, CRL is used without signature checks even if HardFail is true.

Jan 09 '20 12:01 jukeks

cfssl cfssl copied to clipboard

revoke: certIsRevokedCRL does not verify CRL signature if AIA extension is not used

cfssl
cfssl copied to clipboard