Checking for certificate revocation

• Subject: Checking for certificate revocation
• From: Paul Nelson <email@hidden>
• Date: Thu, 11 May 2006 13:23:45 -0500
• Delivered-to: email@hidden
• Delivered-to: email@hidden
• Thread-index: AcZ1KAnJSHMRbuEbEdqTgAAWy4i6sA==
• Thread-topic: Checking for certificate revocation
• User-agent: Microsoft-Entourage/11.2.3.060209

I need to determine that a certificate is valid and has not been revoked.

No matter what settings I make in the Keychain preferences, I never see any
attempt by the Mac to verify that the certificate has not been revoked.  I
am tracing network activity, and expect the Mac to use OCSP or CRL to check
the certificate.

In my own software, I am using SecTrustEvaluate to check the certificate.
This function always succeeds with kSecTrustResultProceed.

Is a CRL cached?  Is there a way to remove the cached CRL to force the Mac
to retrieve one?

Paul Nelson
Thursby Software Systems, Inc.


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden

This email sent to email@hidden

• Follow-Ups:
  • Re: Checking for certificate revocation
    • From: Perry The Cynic <email@hidden>
  • Re: Checking for certificate revocation
    • From: Doug Mitchell <email@hidden>

• Prev by Date: Re: digital signatures
• Next by Date: Re: digital signatures
• Previous by thread: Re: digital signatures
• Next by thread: Re: Checking for certificate revocation
• Index(es):
  • Date
  • Thread