Verify revoked certificate in CT

219 views
Skip to first unread message

Pranay Raut

unread,
Jul 9, 2020, 8:13:43 AM7/9/20
to certificate-transparency
Hi,

I'm trying to incorporate a CT into one of my Android project.

I'm having trouble verifying Revoked Certificate in CT Log. I tried verifying https://revoked.badssl.com url. but it gives the status code 200.

I had only came across articles which suggests Android doesn't provide status check for revoked certificate.

Any pointers or references will be helpful.

Thanks,
Pranay R.

Ben Laurie

unread,
Jul 9, 2020, 8:28:43 AM7/9/20
to certificate-...@googlegroups.com
200 means "OK". :-)

--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/4f21504a-6597-4e59-a587-b68bc39b9515n%40googlegroups.com.

Pranay Raut

unread,
Jul 9, 2020, 8:39:52 AM7/9/20
to certificate-transparency
Hi Ben,

Thanks for prompt response.

However, Doesn't any request with a revoked certificate should fail with ERR_CERT_REVOKED error ?

Kurt Roeckx

unread,
Jul 9, 2020, 8:45:54 AM7/9/20
to certificate-...@googlegroups.com
CT does not deal with certificates being revoked or not. You
need to so something like an OCSP or CRL check to see if it's
still valid.


Kurt

Pranay Raut

unread,
Jul 9, 2020, 8:58:54 AM7/9/20
to certificate-transparency
Understood.
I do have one more query. I'm not sure if that will be relevant for this thread.

Does Android implements OCSP or CRL by default like iOS?
Reply all
Reply to author
Forward
0 new messages