On Wed, 2010-06-16 at 18:39 +0200, Léon Keijser wrote: > On Wed, 2010-06-16 at 12:10 -0400, seth vidal wrote: > > The revocation-list functionality looks like it will have to be an > > interesting hack since, at this time, pyopenssl offers no way to setup > > ssl to access a crl. > > > > good times, huh? > > > It looks like it's merged now, but awaiting an official release: > > http://bazaar.launchpad.net/~exarkun/pyopenssl/trunk/revision/129 > > Which is to say: will never happen for the systems we all need to deal with. so I was thinking I would hack around this in the meantime. I might just have a url for the crl, grab it, parse it, and check that the incoming cert's serial is not listed in it. That should, at least, cover the normal use case. -sv _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list