crlVerification

command module
v0.0.0-...-bc9761b
Published: Apr 28, 2026 License: MPL-2.0 Imports: 13 Imported by: 0

Use Cases

Checks that a revoked certificate’s entry in a given CRL is as expected. That is:

  • It’s there (i.e. there is an entry in the given CRL whose serial matches the given serial).
  • Its revocation date matches that which is given to this tool.
  • Its revocation reason matches that which is given to this tool.

This tool is used by “Verify Revocation” in CCADB.

Deployment

Locally

When running crlVerification locally:

    $ go build .
    $ PORT=8080 ./crlVerification

Using Docker

Alternatively, one may use the provided Dockerfile and Makefile:

    $ make clean build run

Usage

The following is the expected JSON input, described in pseudo-code:

struct Input {
  "crl": Optional<String>,
  "serial": String(Hex),
  "revocationDate": String(YYYY/MM/DD),
  "revocationReason": Optional<ReasonCode>
}

ReasonCode enum {
  "(0) unspecified"
  "(1) keyCompromise"
  "(2) cACompromise"
  "(3) affiliationChanged"
  "(4) superseded"
  "(5) cessationOfOperation"
  "(6) certificateHold"
  "(8) removeFromCRL"
  "(9) privilegeWithdrawn"
  "(10) aACompromise"
}

An example call is the following cURL invocation. This application serves only one endpoint, so no resource is necessary in the URL.

$ curl -d '{"crl": "http://crl.ws.symantec.com/pca1-g3.crl","serial": "fc788d52d4441678243b9882cb15b4","revocationDate": "2019/05/07"}' http://crlVerification.example.org

The following is a series of example inputs alongside their results.

// PASS case
input = {
  "crl": "http://crl.ws.symantec.com/pca1-g3.crl",
  "serial": "fc788d52d4441678243b9882cb15b4",
  "revocationDate": "2019/05/07"
}

// Note that "Errors" is an array of strings, as multiple errors may be detected.
output = {
  "Errors": [],
  "Result": "PASS"
}

// Wrong date and/or revocation reason. If both are wrong, then both will be provided.
input = {
  "crl": "http://crl.ws.symantec.com/pca1-g3.crl",
  "serial": "fc788d52d4441678243b9882cb15b4",
  "revocationDate": "2019/12/13",
  "revocationReason": "(10) aACompromise"
}

output = {
  "Errors": [
    "Revocation dates did not match. We wanted 2019/12/13, but got 2019/05/07",
    "Revocation reasons did not match. We wanted (10) aACompromise, but got no reason given"
  ],
  "Result": "FAIL"
}

// Missing CRL URL
input = {
  "serial": "fc788d52d4441678243b9882cb15b4",
  "revocationDate": "2019/12/13",
  "revocationReason": "(10) aACompromise"
}

output = {
  "Errors": [
    "No CRL URL was provided"
  ],
  "Result": "FAIL"
}

// Serial number not found in CRL
input = {
  "crl": "http://crl.ws.symantec.com/pca1-g3.crl",
  "serial": "1",
  "revocationDate": "2019/12/13",
  "revocationReason": "(10) aACompromise"
}

output = {
  "Errors": [
    "\"01\" was not found in the given CRL"
  ],
  "Result": "FAIL"
}
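
The three checks listed under Use Cases can be sketched with Go's standard library (Go 1.21 or later). This is an added example, not code from the crlVerification project: `buildSampleCRL` and `verifyEntry` are hypothetical names, the CRL is constructed in memory instead of being fetched from a URL, and passing the reason as an integer with `-1` for "not supplied" is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// buildSampleCRL signs a constructed CRL with one entry: serial 0x01, revoked 2019-05-07, reason 1.
func buildSampleCRL() ([]byte, error) {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // throwaway all-zero test key
	issuer := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, KeyUsage: x509.KeyUsageCRLSign, SubjectKeyId: []byte{1}}
	entry := x509.RevocationListEntry{SerialNumber: big.NewInt(1), ReasonCode: 1,
		RevocationTime: time.Date(2019, 5, 7, 12, 0, 0, 0, time.UTC)}
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(),
		NextUpdate: time.Now().Add(time.Hour), RevokedCertificateEntries: []x509.RevocationListEntry{entry}}
	return x509.CreateRevocationList(rand.Reader, tmpl, issuer, key)
}

// verifyEntry returns one message per failed check; reason < 0 means no reason was supplied (assumption).
func verifyEntry(crlDER []byte, serialHex, date string, reason int) []string {
	crl, err := x509.ParseRevocationList(crlDER)
	want, ok := new(big.Int).SetString(serialHex, 16) // numeric parse, so "1" and "01" are the same serial
	if err != nil || !ok {
		return []string{"unparseable CRL or serial"}
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(want) != 0 {
			continue
		}
		var errs []string // both mismatches are reported, not just the first
		if got := e.RevocationTime.UTC().Format("2006/01/02"); got != date {
			errs = append(errs, fmt.Sprintf("date: wanted %s, got %s", date, got))
		}
		if reason >= 0 && e.ReasonCode != reason {
			errs = append(errs, fmt.Sprintf("reason: wanted %d, got %d", reason, e.ReasonCode))
		}
		return errs
	}
	return []string{fmt.Sprintf("\"%x\" was not found in the given CRL", want.Bytes())}
}

func main() {
	der, err := buildSampleCRL()
	fmt.Println(verifyEntry(der, "1", "2019/12/13", 10), err)
}
```

The sketch only compares entry fields and does not validate the CRL's signature; where the issuer certificate is available, `(*x509.RevocationList).CheckSignatureFrom` covers that.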
