def is_revoked(self, crl_list):
"""
Given a list of trusted CRL (their signature has already been
verified with trusted anchors), this function returns True if
the certificate is marked as revoked by one of those CRL.
Note that if the Certificate was on hold in a previous CRL and
is now valid again in a new CRL and bot are in the list, it
will be considered revoked: this is because _all_ CRLs are
checked (not only the freshest) and revocation status is not
handled.
Also note that the check on the issuer is performed on the
Authority Key Identifier if available in _both_ the CRL and the
Cert. Otherwise, the issuers are simply compared.
"""
for c in crl_list:
if (self.authorityKeyID is not None and
c.authorityKeyID is not None and
self.authorityKeyID == c.authorityKeyID):
return self.serial in map(lambda x: x[0], c.revoked_cert_serials)
elif (self.issuer == c.issuer):
return self.serial in map(lambda x: x[0], c.revoked_cert_serials)
return False
评论列表
文章目录
