[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: Beginner's question
From: |
Simon Josefsson |
Subject: |
[Help-gnutls] Re: Beginner's question |
Date: |
Sun, 13 Apr 2008 12:16:45 +0200 |
User-agent: |
Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux) |
"Rainer Gerhards" <address@hidden> writes:
>> Thanks! Let us know if there is anything we could improve to help
>> explain something that you get stuck on. It is easy to go blind in a
>> project, so input from new users are very valuable.
>
> There is one thing, if I may hijack this thread. The CRL files. I know
> what certificate revocation is for, but I do not fully understand how
> the CRL functions are used. Most importantly, do I need to create that
> file and, if so, how? I know that's all pretty basic and I appreciate
> your help on those boring questions ;).
Good questions. I think people are generally better off forgetting
about CRLs. If you are designing something new, use an online checking
protocol like OCSP instead of CRLs. If you are stuck with a system that
uses CRLs, you naturally has to use it.
As far as I could see, there wasn't any documentation on how to
generate/verify CRLs in the manual, I've fixed this:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=3acf331ee7f3dc310a18b2b9b476a0d851e2bb32
We could probably discuss CRLs more in the manual, but I can't seem to
find a good place to do it or can think of anything concrete to say.
Thanks,
/Simon