Greetings, I’m currently engaged in a project aiming to implement a certificate revocation function using Certificate Revocation Lists (CRLs). I’m seeking guidance on two key aspects(using mbedtls):
- Initiating an Empty CRL: I’m interested in understanding how to craft an initial CRL that doesn’t contain any entries for revoked certificates.
- Managing CRL Updates: Additionally, I’d appreciate insights into the procedure for updating the CRL to include entries for revoked certificates. This involves learning how to append an entry when a certificate needs to be revoked.
Furthermore, I’m curious about the mechanism for recognizing a revoked certificate. Once a certificate has been revoked and this information is included in the CRL, how can we identify that a specific certificate is indeed revoked? This knowledge is vital to ensure that when the certificate is obtained from the server, it is not mistakenly used.