About revoked certificates

[JuanGarcia1177]

The readme mentions keeping a database of revoked certificates. Would you instead be interested in a pull request that uses crlDistributionPoints CRL and / or authorityInfoAccess OCSP to determine if a certificate is revoked? These are available as an array of X509::Certificate.extensions and as far as I am aware any issued certificate by a CA will include these extensions on their certificates and could be used to validate a certificate by performing CRL / OCSP request at the time of validation. Some CRLs can get large 10MB+ so OCSP should probably be preferred when the certificate provides authorityInfoAccess.

[jarthod]

When I mean database I mean caching the results from the CRL as it's huge. I'm totally interested in a MR adding OCSP (I had a look at https://github.com/r509/r509 but didn't go much further yet) but for CRL as a fallback I'm not sure as it's super ineffective or requires caching which would mean much more complicated side effects and integrations.
If you're interested in adding both, please add them as options:

• CRL disabled by default
• OCSP enabled by default

https://serverfault.com/questions/590504/how-do-i-check-if-my-ssl-certificates-have-been-revoked/732525#732525

https://stackoverflow.com/questions/16244084/how-to-programmatically-check-if-a-certificate-has-been-revoked

[jarthod]

Merged #3 and released 1.3.0