Openssl - How to check if a certificate is revoked or not

Question

With OpenSSL library, how do I check if the peer certificate is revoked or not. From what I googled:

1. x509 cerfiticate contains set of crl distribution points, ie set of urls
2. download the crl from these urls
3. crl contains serial numbers of certificates that are revoked
4. if the peer certificate serial number is there in the crl list, then it is revoked

What OpenSSL APIs do I use to accomplish this? Also, is this the right way of checking if the certificate is revoked or not?

Answer 1

Unfortunately the CRL verification API in OpenSSL isn't very high-level, so you have code do many operations yourself.

For a brief overview of what is needed:

• Retrieve CRL URL from certificate to validate from CRL Distribution Points extension. OpenSSL provides certificate parsing functions but no simple accessor to CRL distribution points
• Download CRL from URL. OpenSSL doesn't implement this, nor any form of caching.
• Verify CRL (signature, issuer DN, validity period, subject key identifier, etc...). OpenSSL provides the different low-level functions.
• Verify if the serial number of the certificate to check is in the CRL.

Of course this should be done after checking that the certificate itself is "valid" in the sense that it is issued by a trusted (or trustworthy) CA, it has the right usage extensions, and that it (along with its trust chain) is within it's validity period. OpenSSL has some low- and mid-level functions to help with that.

Some additional details that might complicate things for a completely generic implementation:

• Some certificates might use OCSP instead of CRLs.
• Some certificates have LDAP DNs or URLs as distribution points.
• Some CRLs are signed by delegated CRL signer.
• Delta-CRLs or partitioned CRLs might complicate implementation (especially w.r.t. caching).
• etc.

The RFC 5280 describes the complete PKIX validation algorithm. You don't have to implement everything, but it's a good reference to check that you don't forget something important. You should look at the mod_ssl (contained in the Apache httpd server) module for an implementation that checks for CRL locally and implements OCSP checking.

If you know in advance which CAs you trust (from a security point of view it's better), then you could have a cron job downloading and updating the CRLs. This would save you from implementing the part about locating/downloading/caching CRLs inside your program.

Answer 2

Check this thread:

Does OpenSSL automatically handle CRLs (Certificate Revocation Lists) now?

The X509_STORE supports CRL handling. You can extract the CRL from the X509 cert with PEM_read_bio_X509_CRL command wich is not explained in the link.