a4e86141f1
RFC5280 does not state that the `revocationDate` should be checked. In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all. https://tools.ietf.org/html/rfc5280 Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
18 lines
540 B
Text
18 lines
540 B
Text
[ ca ]
|
|
default_ca = test-ca
|
|
|
|
[ test-ca ]
|
|
certificate = test-ca.crt
|
|
private_key = test-ca.key
|
|
serial = test-ca.server1.serial
|
|
default_md = sha1
|
|
default_startdate = 110212144406Z
|
|
default_enddate = 210212144406Z
|
|
new_certs_dir = ./
|
|
database = ./test-ca.server1.future-crl.db
|
|
policy = policy_match
|
|
|
|
[policy_match]
|
|
countryName = supplied
|
|
organizationName = supplied
|
|
commonName = supplied
|