Permalink
Find file
Fetching contributors…
Cannot retrieve contributors at this time
28 lines (15 sloc) 803 Bytes

CRL Set Tools

crlset is a utility program for downloading and dumping the current Chrome CRLSet. It can be built with Go1. See http://golang.org/doc/install.html, but don't pass "-u release" when fetching the repository.

One you have Go installed, run:

% go build crlset.go

First you need to download the current CRL set:

% ./crlset fetch > crl-set
Downloading CRLSet version 59

Then you can dump the contents of the CRL set:

% ./crlset dump crl-set

Revocations are grouped by the SHA-256 hash of the issuing certificate's SubjectPublicKeyInfo and listed as serial numbers.

To also show SPKIs that have been blocked:

% ./crlset dumpSPKIs crl-set

You can also list only the serials issued under a given certificate:

% ./crlset dump crl-set my-ca-cert.pem