Re: [Nmh-workers] TLS certificate validation

nmh-workers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] TLS certificate validation

From:	Ralph Corderoy
Subject:	Re: [Nmh-workers] TLS certificate validation
Date:	Sun, 25 Sep 2016 16:59:01 +0100

Hi Jeff,

> What would be good to find is a script that can do an audit of a
> system's ca-certificates and list any that have been revoked or have
> expired and run this on our build servers.

Go has a good set of crypto stuff in its standard library, done by
Google's Adam Langley who's one of their top TLS guys, so I thought I'd
find a command-line program that used that to do what you suggest, but
couldn't.

I did find

    
https://raymii.org/s/articles/OpenSSL_manually_verify_a_certificate_against_a_CRL.html
    
https://raymii.org/s/articles/OpenSSL_Manually_Verify_a_certificate_against_an_OCSP.html

that show how to use OpenSSL's command line.  Many *.pem here don't have
OCSP, and many don't give a CRL URI, which is a bit rum.

-- 
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Nmh-workers] TLS certificate validation, (continued)
- Re: [Nmh-workers] TLS certificate validation, David Levine, 2016/09/24
  - Re: [Nmh-workers] TLS certificate validation, Lyndon Nerenberg, 2016/09/26
- Re: [Nmh-workers] TLS certificate validation, Ralph Corderoy, 2016/09/24
  - Re: [Nmh-workers] TLS certificate validation, Ken Hornstein, 2016/09/24
- Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/24
  - Re: [Nmh-workers] TLS certificate validation, Ken Hornstein, 2016/09/24
    - Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/25
    - Re: [Nmh-workers] TLS certificate validation, Ralph Corderoy, 2016/09/25
    - Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/25
    - Re: [Nmh-workers] TLS certificate validation, Ralph Corderoy <=
    - Re: [Nmh-workers] TLS certificate validation, Ken Hornstein, 2016/09/25
    - Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/25
    - Re: [Nmh-workers] TLS certificate validation, Ken Hornstein, 2016/09/25
    - Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/25
  - Re: [Nmh-workers] TLS certificate validation, Valdis . Kletnieks, 2016/09/24
    - Re: [Nmh-workers] TLS certificate validation, Ken Hornstein, 2016/09/24
    - Re: [Nmh-workers] TLS certificate validation, Ralph Corderoy, 2016/09/25
  - Re: [Nmh-workers] TLS certificate validation, Lyndon Nerenberg, 2016/09/26

Prev by Date: Re: [Nmh-workers] TLS certificate validation
Next by Date: Re: [Nmh-workers] Starting the final call for features for 1.7
Previous by thread: Re: [Nmh-workers] TLS certificate validation
Next by thread: Re: [Nmh-workers] TLS certificate validation
Index(es):
- Date
- Thread