NAME

Crypt::NSS::X509::CRL - NSS CRL

SYNOPSIS

use 5.10.1;
use Perl6::Slurp;

use Crypt::NSS::X509;

my $crl = Crypt::NSS::X509::Certificate->new(slurp('derfile'));
my $cert = Crypt::NSS::X509::Certificate->new_from_der(slurp('derfile'));

my $crlvalid = $crl->verify($cert);   
my @revokedserials = map { $_->serial } $crl->entries;

ABSTRACT

Perl interface for the certificate revocation list parts of the NSS API.

DESCRIPTION

This class gives access to some of the CRL handling functions of NSS. Note that this code is more unstable than the other classes and probably will change.

FUNCTIONS

CONSTRUCTORS

new_from_der ( DERSTRING )

Creates a new NSS::CRL object from the provided der-encoded certificate string.

ACCESSORS & VERIFICATION FUNCTIONS

issuer

Returns the CRL issuer as a string.

version

Returns the CRL version

find_issuer ( [ time ] )

Returns the NSS::Certificate object, where the subject matches the CRL issuer. Certificate has to be in NSS database, otherwise it will not be found.

verify ( cert, [time] )

Check the signature of the CRL against the NSS::Certificate cert. Returns true on success, false otherwise.

entries

Returns the CRL entries as an array of hash-references.

AUTHOR

Bernhard Amann, <bernhard@icsi.berkeley.edu>

COPYRIGHT AND LICENSE

Copyright 2012 by Bernhard Amann

This Library Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

The library contains source code of the Mozilla Network Security Services; for NSS license information please see http://www.mozilla.org/projects/security/pki/ nss/.