On Mon, Aug 29, 2011 at 08:32:40PM -0500, Raphael Geissert wrote: > On Monday 29 August 2011 20:19:11 Josh Triplett wrote: > > Does OpenSSL not have any facility for a system-wide revocation list? > > No, I already checked that back when the Comodo hack occurred. > Every application needs to manually load the revocation lists, just like they > need to manually check the trust chain and all the other this-should-all-be- > done-in-just-one-place things.
I understand that they'd have to manually load the lists, but perhaps it would make sense to standardize a location from which they should load them? Does OpenSSL or GnuTLS have any concept of a "revocation store" format, similar to a "certificate store", or would this need some special-purpose custom format? - Josh Triplett -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
