Hi Jeff,
> What would be good to find is a script that can do an audit of a
> system's ca-certificates and list any that have been revoked or have
> expired and run this on our build servers.
Go has a good set of crypto stuff in its standard library, done by
Google's Adam Langley who's one of their top TLS guys, so I thought I'd
find a command-line program that used that to do what you suggest, but
couldn't.
I did find
https://raymii.org/s/articles/OpenSSL_manually_verify_a_certificate_against_a_CRL.html
https://raymii.org/s/articles/OpenSSL_Manually_Verify_a_certificate_against_an_OCSP.html
that show how to use OpenSSL's command line. Many *.pem here don't have
OCSP, and many don't give a CRL URI, which is a bit rum.
--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers
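
A sketch of the audit discussed in the message above, using Go's standard library; it is an added example, not code from the thread or from any existing tool. It flags expired certificates in a PEM bundle and those with no OCSP responder or CRL distribution point, and leaves the revocation lookup itself to the OpenSSL commands linked above. The names `Audit`, `Finding` and `sample` are hypothetical, and the two certificates are constructed at run time as test data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Finding is the audit result for one certificate in the bundle.
type Finding struct {
	Subject                string
	Expired, NoOCSP, NoCRL bool
}

// Audit parses every CERTIFICATE block in a PEM bundle and flags expiry and
// missing revocation pointers; other PEM block types are skipped.
func Audit(bundle []byte, now time.Time) (out []Finding, err error) {
	for b, rest := pem.Decode(bundle); b != nil; b, rest = pem.Decode(rest) {
		if b.Type != "CERTIFICATE" {
			continue
		}
		c, err := x509.ParseCertificate(b.Bytes)
		if err != nil {
			return out, err // report a malformed certificate rather than hide it
		}
		out = append(out, Finding{c.Subject.String(), now.After(c.NotAfter),
			len(c.OCSPServer) == 0, len(c.CRLDistributionPoints) == 0})
	}
	return out, nil
}

// sample returns a constructed self-signed certificate as PEM (test data only).
func sample(cn string, notAfter time.Time, ocsp, crl []string) []byte {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notAfter.AddDate(-1, 0, 0), NotAfter: notAfter, OCSPServer: ocsp, CRLDistributionPoints: crl}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Now()
	bundle := append(sample("Constructed Old CA", now.AddDate(0, 0, -1), nil, nil),
		sample("Constructed Live CA", now.AddDate(1, 0, 0), []string{"http://ocsp.example.test"}, nil)...)
	fmt.Println(Audit(bundle, now))
}
```

To audit a real trust store, read the bundle file into a byte slice and pass it to `Audit` with the current time.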