Tools for dealing with Chrome's CRLSets
README.markdown Add the ability to dump blocked SPKIs Sep 1, 2016
crlset.go Split |dump| and |dumpSPKIs|. Oct 6, 2016


CRL Set Tools

crlset is a utility program for downloading and dumping the current Chrome CRLSet. It can be built with Go1. See, but don't pass "-u release" when fetching the repository.

Once you have Go installed, run:

% go build crlset.go

First you need to download the current CRL set:

% ./crlset fetch > crl-set
Downloading CRLSet version 59

Then you can dump the contents of the CRL set:

% ./crlset dump crl-set

Revocations are grouped by the SHA-256 hash of the issuing certificate's SubjectPublicKeyInfo and listed as serial numbers.

To also show SPKIs that have been blocked:

% ./crlset dumpSPKIs crl-set

You can also list only the serials issued under a given certificate:

% ./crlset dump crl-set my-ca-cert.pem
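
To see which group a CA falls under, compute the SHA-256 of its certificate's SubjectPublicKeyInfo yourself and use it as the lookup key. The following is an added example, not code from crlset.go: the function names, the in-memory map (issuer SPKI hash to serials, not the CRLSet file format) and the throwaway CA built from a fixed seed are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// SPKIHash returns the hex SHA-256 of a PEM certificate's SubjectPublicKeyInfo.
func SPKIHash(pemBytes []byte) (string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", fmt.Errorf("no PEM CERTIFICATE block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:]), nil
}

// SerialsUnder lists serials under caPEM's SPKI hash in set (assumed shape, not the CRLSet file format).
func SerialsUnder(set map[string][]string, caPEM []byte) ([]string, error) {
	h, err := SPKIHash(caPEM)
	return set[h], err
}

// ConstructedCA builds a throwaway self-signed CA (sample input; key derived from name).
func ConstructedCA(name string) ([]byte, error) {
	seed := sha256.Sum256([]byte(name))
	priv := ed25519.NewKeyFromSeed(seed[:])
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true,
		BasicConstraintsValid: true, Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

func main() {
	ca, _ := ConstructedCA("Constructed Example CA")
	fmt.Println(SPKIHash(ca))
}
```

Because the hash covers only the public key, a CA certificate that is reissued with the same key maps to the same group.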